Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: n64088.org and results.sarasotasailingsquadron.org
I ran this command:
sudo certbot certonly --server https://acme-v02.api.letsencrypt.org/directory
–cert-name n64088.org
–dns-digitalocean
–dns-digitalocean-propagation-seconds 60
–dns-digitalocean-credentials ~/.secrets/certbot/n64088.digitalocean.ini
-d n64088.org -d *.n64088.org
–dns-digitalocean
–dns-digitalocean-propagation-seconds 60
–dns-digitalocean-credentials ~/.secrets/certbot/sss.digitalocean.ini
-d results.sarasotasailingsquadron.org
–dry-run
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-digitalocean, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for n64088.org
dns-01 challenge for n64088.org
dns-01 challenge for results.sarasotasailingsquadron.org
Cleaning up challenges
Encountered exception during recovery:
Traceback (most recent call last):
File “/home/flymike/.local/lib/python3.5/site-packages/certbot/auth_handler.py”, line 69, in handle_authorizations
resps = self.auth.perform(achalls)
File “/home/flymike/.local/lib/python3.5/site-packages/certbot/plugins/dns_common.py”, line 58, in perform
self._perform(domain, validation_domain_name, validation)
File “/usr/local/lib/python3.5/dist-packages/certbot_dns_digitalocean/dns_digitalocean.py”, line 47, in _perform
self._get_digitalocean_client().add_txt_record(domain, validation_name, validation)
File “/usr/local/lib/python3.5/dist-packages/certbot_dns_digitalocean/dns_digitalocean.py”, line 76, in add_txt_record
domain = self._find_domain(domain_name)
File “/usr/local/lib/python3.5/dist-packages/certbot_dns_digitalocean/dns_digitalocean.py”, line 163, in _find_domain
.format(domain_name, domain_name_guesses))
certbot.errors.PluginError: Unable to determine base domain for n64088.org using names: [‘n64088.org’, ‘org’].
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/home/flymike/.local/lib/python3.5/site-packages/certbot/error_handler.py”, line 124, in _call_registered
self.funcs-1
File “/home/flymike/.local/lib/python3.5/site-packages/certbot/auth_handler.py”, line 220, in _cleanup_challenges
self.auth.cleanup(achalls)
File “/home/flymike/.local/lib/python3.5/site-packages/certbot/plugins/dns_common.py”, line 77, in cleanup
self._cleanup(domain, validation_domain_name, validation)
File “/usr/local/lib/python3.5/dist-packages/certbot_dns_digitalocean/dns_digitalocean.py”, line 50, in _cleanup
self._get_digitalocean_client().del_txt_record(domain, validation_name, validation)
File “/usr/local/lib/python3.5/dist-packages/certbot_dns_digitalocean/dns_digitalocean.py”, line 116, in del_txt_record
domain = self._find_domain(domain_name)
File “/usr/local/lib/python3.5/dist-packages/certbot_dns_digitalocean/dns_digitalocean.py”, line 163, in _find_domain
.format(domain_name, domain_name_guesses))
certbot.errors.PluginError: Unable to determine base domain for n64088.org using names: [‘n64088.org’, ‘org’].
Unable to determine base domain for n64088.org using names: [‘n64088.org’, ‘org’].
My web server is (include version): apache 2.4.18
The operating system my web server runs on is (include version): Ubuntu 16.04
My hosting provider, if applicable, is: DigitalOcean
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.35.1
I have 2 domains on a single certificate because one domain is an Apache ServerAlias for the other.
Additionally the 2 domains are held under different DO accounts - which is why there are 2 separate --dns-digitalocean-credentials options specifed.
I am renewing an existing certificate, using a command which has worked in the past - so this might be an intermittent problem.