My domain is: asistv.org (among others, see command for all, ) - but this is the one I am having issues with.
I ran this command (limited output because ‘As a new member, you can only insert 20 URLs per post’…):
sudo certbot -d asisfoundation.org -d www.asisfoundation.org -d <8 removed per above comment> -d protectionofassets.com -d www.protectionofassets.com -d asistv.org -d www.asistv.org -d securityexpo.org -d www.securityexpo.org -d <4 more removed> -d asisonline.eu -d www.asisonline.eu -d securitycares.com -d www.securitycares.com --manual --preferred-challenges dns certonly
It produced this output (Slashes ‘/’ added to try and make them ‘not a URL’):
Failed authorization procedure. www.asistv./org (dns-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.www.asistv./org, asistv./org (dns-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge./asistv./org
The operating system my web server runs on is (include version): 18.04.1 LTS
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
certbot 0.23.0
I’m trying to figure out what is happening here. When I first ran the above command, I noted down the TXT record results of all 24 requests, cancelled the command before fully completing it, and proceeded to add the TXT records to all of the various domains on our DNS provider. I then began to run the command again to ensure that the DNS challenge string did not change upon previously cancelling the command - and the first few that I looked at appeared to remain the same.
I left it alone overnight and came back to it the next day.
That following day (yesterday), I checked the DNS records to ensure they were all available and published from the provided. After confirmation, I ran the full command again and received the Output mentioned above, specifically:
Failed authorization procedure. www.asistv.org (dns-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.www.asistv./org, asistv./org (dns-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge./asistv./org
Why that one? Maybe entered it incorrectly, or didn’t notate accurately? Thinking that, I ran the command above again and noted that the challenge string for all of the requested domains was still the same, except for asistv./org and www.asistv./org. They were completely different from what I had noted down, while everything before and after those two were the same. Weird - but still am thinking that maybe I initially noted it down wrong.
So I then updated the asistv./org TXT records on our DNS provider to the new challenge text, waited ~6 hours, and attempted again. Received the same results. Same error output revolving around asistv./org mentioned above, and yet another different DNS challenge text presented to me for asistv./org and www.asistv./org upon re-running the command. All while the challenge text for the other 22 domains is identical to when the command was first run.
I repeated the above paragraph one more time, but instead waited 18 hours or so before attempting to generate the certificates. Same thing.
I ran through this with a co-worker and our current thought is that something in the certbot code may be recognizing the ‘tv’ part of the domain rather than recognizing ‘.tv’ and is trying to do something odd because of that. This is just a guess. I am stuck.
Worthy mention: Using the dns-01 challenge is a technical requirement for this project.
Thank you in advance for assistance!