Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: 1.livedance.stream -- http://1.livedance.stream:8080/stream/test.html to see the site kinda works (I have something else on port 80)
I ran this command:
certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns-01 --debug-challenges -d 1.livedance.stream --dry-run --staging
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Simulating a certificate request for 1.livedance.stream
Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
Press Enter to Continue
Then I checked the logs and am guessing it is requesting that this TXT record be added:
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/10763565834/S5lhRA",
"token": "lfwLwg7wEhjwj6NwkJtXzFEmZnF7bl9eTUDJ36PGF-U"
},
dig -t txt _acme-challenge.1.livedance.stream shows me the correct TXT record
;; ANSWER SECTION:
_acme-challenge.1.livedance.stream. 300 IN TXT "lfwLwg7wEhjwj6NwkJtXzFEmZnF7bl9 eTUDJ36PGF-U"
I get this after Enter:
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: 1.livedance.stream
Type: unauthorized
Detail: Incorrect TXT record "lfwLwg7wEhjwj6NwkJtXzFEmZnF7bl9eTUDJ36PGF-U" found at _acme-challenge.1.livedance.stream
Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to "certbot --help manual" and the Certbot User Guide.
Some challenges have failed.
Logs:
{
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Incorrect TXT record \"lfwLwg7wEhjwj6NwkJtXzFEmZnF7bl9eTUDJ36PGF-U\" found at _acme-challenge.1.livedance.stream",
"status": 403
},
My web server is (include version): Nginx 1.17.10
The operating system my web server runs on is (include version): Centos 8
My hosting provider, if applicable, is: I run my own servers at home
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): ?? I guess I do most on the back end
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.22.0
Any ideas on why I could be failing the DNS TXT record check? Or am I putting in the wrong record because I can't find what it is actually looking for, i.e. could it be the Replay-Nonce instead?
(I had Certbot show me the desired TXT record the first time I tested it, but I did do my DNS record incorrectly the first time, and now it won't show me the record in SSH, so I am hunting for it in the logs.)
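What a DNS-01 validation actually compares against, as an added example that is not part of the original post and not Certbot's or acme-dns's own code: per RFC 8555 section 8.4 the TXT record must hold base64url(SHA-256(key authorization)), where the key authorization is the challenge token, a dot, and the RFC 7638 thumbprint of the ACME account key. The token that appears in the log is therefore only an input to the record value, never the value itself. The token below is the one quoted in the post; the account key (SAMPLE_JWK) is a constructed placeholder, not a real key, and the function names are this example's own.

```python
import base64
import hashlib
import json

# Token copied from the certbot log quoted in the post above.
SAMPLE_TOKEN = "lfwLwg7wEhjwj6NwkJtXzFEmZnF7bl9eTUDJ36PGF-U"

# Constructed placeholder for the ACME account public key as a JWK. The
# modulus is filler so the example runs offline; it is NOT a real key.
# "alg" and "kid" are included to show that only the RFC 7638 required
# members take part in the thumbprint.
SAMPLE_JWK = {
    "kty": "RSA",
    "alg": "RS256",
    "kid": "example-account-key",
    "n": "xjlXPlaceholderModulusNotARealKey0123456789abcdefghijklmnopqrstuv",
    "e": "AQAB",
}

# Required JWK members for the thumbprint (RFC 7638 section 3.2), by key type.
_THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
}


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical_jwk(jwk: dict) -> str:
    """Required members only, lexicographically ordered, no whitespace (RFC 7638)."""
    members = _THUMBPRINT_MEMBERS[jwk["kty"]]
    subset = {name: jwk[name] for name in members}
    return json.dumps(subset, sort_keys=True, separators=(",", ":"))


def jwk_thumbprint(jwk: dict) -> str:
    """base64url(SHA-256(canonical JWK)), RFC 7638 section 3."""
    return b64url(hashlib.sha256(canonical_jwk(jwk).encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """token '.' thumbprint (RFC 8555 section 8.1). http-01 serves this verbatim."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """The TXT record value the CA queries at _acme-challenge (RFC 8555 section 8.4)."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


def diagnose_txt(token: str, jwk: dict, observed: str) -> str:
    """Name the kind of mismatch between an observed TXT record and the expected value.

    'observed' may be pasted straight from dig, so surrounding quotes are removed.
    """
    observed = observed.strip().strip('"')
    expected = dns01_txt_value(token, jwk)
    if observed == expected:
        return "ok"
    if observed == token:
        return "token-published-instead-of-digest"
    if observed == key_authorization(token, jwk):
        return "key-authorization-published-instead-of-digest"
    return "mismatch"


if __name__ == "__main__":
    print("thumbprint     :", jwk_thumbprint(SAMPLE_JWK))
    print("expected TXT   :", dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK))
    # The record in the post contained the bare token, which this classifies.
    print("record in post :", diagnose_txt(SAMPLE_TOKEN, SAMPLE_JWK, SAMPLE_TOKEN))
```

In practice nobody computes this by hand: Certbot derives the value itself and hands it to the manual auth hook in the CERTBOT_VALIDATION environment variable (CERTBOT_TOKEN is the raw token and is only meaningful for http-01), so a hook has to publish CERTBOT_VALIDATION. Because the thumbprint depends on the account key, the expected value also differs between the staging and production accounts, which is why a record copied from a run against one endpoint will not validate against the other.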