Unable to verify via DNS-01 (Linode hosted DNS)

Please fill out the fields below so we can help you better.

My domain is: ubnt.emp.int.rlyrly.net

I ran this command: certbot certonly --debug-challenges -v --manual --preferred-challenges dns -d ubnt.emp.int.rlyrly.net

It produced this output:

| => certbot certonly --debug-challenges -v --manual --preferred-challenges dns -d ubnt.emp.int.rlyrly.net
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator manual and installer None
Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot.plugins.manual:Authenticator
Initialized: <certbot.plugins.manual.Authenticator object at 0x10d678c50>
Prep: True
Selected authenticator <certbot.plugins.manual.Authenticator object at 0x10d678c50> and installer None
Picked account: <Account(RegistrationResource(body=Registration(status=None, contact=(u'mailto:operations@reallyreally.io',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x10e4101d0>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/14286966', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), dac43da1a4f00365348eabca7bc54118, Meta(creation_host=u'mbp003.local', creation_dt=datetime.datetime(2017, 5, 9, 22, 33, 11, tzinfo=<UTC>)))>
Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 352
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 352
Boulder-Request-Id: HSaK746T8n4ky32oyxH49v_zxZo1gRg6p-hLNUfg6FE
Replay-Nonce: JmndSSKAPAoMiHQcj_Htv9hru4Iqct0817-Op0D23XA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 05 Jun 2017 22:22:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 05 Jun 2017 22:22:47 GMT
Connection: keep-alive

{
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
Obtaining a new certificate
Requesting fresh nonce
Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: 2dILDo4tB1wPScs4uiYIOYTUv9wDADQ6S8cckvXkkRI
Replay-Nonce: ZHZ_1Oph1IVgDGJolsYk6BwBdaRvHdnd0UeXEpmwrQY
Expires: Mon, 05 Jun 2017 22:22:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 05 Jun 2017 22:22:47 GMT
Connection: keep-alive


Storing nonce: ZHZ_1Oph1IVgDGJolsYk6BwBdaRvHdnd0UeXEpmwrQY
JWS payload:
{
  "identifier": {
    "type": "dns", 
    "value": "ubnt.emp.int.rlyrly.net"
  }, 
  "resource": "new-authz"
}
Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
  "header": {
    "alg": "RS256", 
    "jwk": {
      "e": "AQAB", 
      "kty": "RSA", 
      "n": "zIlmnkHHphDgayHezCRNeyh9wH4FxDOMBYlsPJMTzwLZIWiY4LcwNN99EyUlIgzLEAPhiJ1I8csUmhTpJZcEFi3wpMMKaHjbtDo03kNZoygB4mO8MVDn7R0HklSDzLyOysxmethtan0rt-LzUzceAxX8HFxJq7q5TYjKr83McfmL96At0CNxt29DqXT6HYMmOp3oKonZPTU6CLCEyp6NkRzm8GYj8AgQQzLrVSke-C2qDpSbZ-HNDpOleARdrX1N7LSgRCqMVaw39frTMkCAYToSOtVsfE-kvNwwpgl12Ch_baNZCST1V0Y3yE7GZLLywNil5mB-TyV0sT5GHnvgOw"
    }
  }, 
  "protected": "eyJub25jZSI6ICJaSFpfMU9waDFJVmdER0pvbHNZazZCd0JkYVJ2SGRuZDBVZVhFcG13clFZIn0", 
  "payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAidWJudC5lbXAuaW50LnJseXJseS5uZXQiCiAgfSwgCiAgInJlc291cmNlIjogIm5ldy1hdXRoeiIKfQ", 
  "signature": "J1-pnzdMt6QO0XZsZDm7ePdO9xY-US8hw_bxeKwLitb0Uvf2XE4tozqsfFy-pCQmc4YkGlA2cvXv3dVQtEhVNiVMlMum3k7uKBTZDvV-lBAL2vn55ws54NngrYLcPaq8qkhLyKznifmERuOZ0aMn6i85-CWU1Mjzu1Ps-I9OmmykH5BMbn2cZxWfEjVYdzsCIe70cR6Ik97EsuczjG54oLi8ZB-wUl_pPr-GFxOYZ93kavqup6QqytSBcR3fqeUPK9qwoKj4ciYHhjQYR0gyy1dXlJoI4q7ZgnWNKYxjrnuZ42_r7PO1GLCwMlnd3jrnNta6lgwPaEUc0VF27NFwtQ"
}
https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1011
Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1011
Boulder-Request-Id: hzyYudtVt88NYVJ3XF4DevAmrhTsFv9xQKG0O9G0Nt0
Boulder-Requester: 14286966
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg
Replay-Nonce: YCRmHlNh1ANeK274qLxqZEJtRK2_NaW282Qz19HFvDA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 05 Jun 2017 22:22:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 05 Jun 2017 22:22:48 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "ubnt.emp.int.rlyrly.net"
  },
  "status": "pending",
  "expires": "2017-06-12T22:22:48.261366412Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg/1286110613",
      "token": "WqLMQvlg487J9LYE4FrwJLd7tjdgHnw_ttCIcbWSwPU"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg/1286110614",
      "token": "isARKfzCP7goFItsTPvmGoCS0aiJBjBx7tipZzU7qno"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg/1286110615",
      "token": "q7RZValyJVgLj5SRiHbO6IQCxIvy2L2bkEQJihe8tS0"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      2
    ],
    [
      1
    ]
  ]
}
Storing nonce: YCRmHlNh1ANeK274qLxqZEJtRK2_NaW282Qz19HFvDA
Performing the following challenges:
dns-01 challenge for ubnt.emp.int.rlyrly.net

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: y

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.ubnt.emp.int.rlyrly.net with the following value:

8O9m83VC4H1kCrhuej0ECbOtR4nJ5Sb47LqBF3LTC9E

Once this is deployed,
-------------------------------------------------------------------------------
Press Enter to Continue
Waiting for verification...

-------------------------------------------------------------------------------
Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
-------------------------------------------------------------------------------
Press Enter to Continue
JWS payload:
{
  "keyAuthorization": "isARKfzCP7goFItsTPvmGoCS0aiJBjBx7tipZzU7qno.7T3ZLv4xTpPRa0KR1ndkueHQ1COxOBfp2eGgU6kYxZk", 
  "type": "dns-01", 
  "resource": "challenge"
}
Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg/1286110614:
{
  "header": {
    "alg": "RS256", 
    "jwk": {
      "e": "AQAB", 
      "kty": "RSA", 
      "n": "zIlmnkHHphDgayHezCRNeyh9wH4FxDOMBYlsPJMTzwLZIWiY4LcwNN99EyUlIgzLEAPhiJ1I8csUmhTpJZcEFi3wpMMKaHjbtDo03kNZoygB4mO8MVDn7R0HklSDzLyOysxmethtan0rt-LzUzceAxX8HFxJq7q5TYjKr83McfmL96At0CNxt29DqXT6HYMmOp3oKonZPTU6CLCEyp6NkRzm8GYj8AgQQzLrVSke-C2qDpSbZ-HNDpOleARdrX1N7LSgRCqMVaw39frTMkCAYToSOtVsfE-kvNwwpgl12Ch_baNZCST1V0Y3yE7GZLLywNil5mB-TyV0sT5GHnvgOw"
    }
  }, 
  "protected": "eyJub25jZSI6ICJZQ1JtSGxOaDFBTmVLMjc0cUx4cVpFSnRSSzJfTmFXMjgyUXoxOUhGdkRBIn0", 
  "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogImlzQVJLZnpDUDdnb0ZJdHNUUHZtR29DUzBhaUpCakJ4N3RpcFp6VTdxbm8uN1QzWkx2NHhUcFBSYTBLUjFuZGt1ZUhRMUNPeE9CZnAyZUdnVTZrWXhaayIsIAogICJ0eXBlIjogImRucy0wMSIsIAogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiCn0", 
  "signature": "VNz5bD08GBnrjrhdtUOgkR3e5OantBAu1tmoWUCy4mGWTG4w9mz83P9_HEscFAZN2sgBqk4fK-94cN4LV5XzYi9w7s7wnkHbL_H85Gw7P7Tkyb2FR5ShkIB0Lno0GsEsou7ie8N0YSZ4Rkn8CGm7czC1mZhnRO0hjQJ3rIcX2ox4EHBU-XV5pf2QLYVQJ6U6R4EbOUp1n9CgUzf6Ah5M9e00fUZ1xY9YRuMJzHcaR1Y4U8kOBGgNHKFmOysNwfI-cT3a69j_-ltQgn5KWnG8JIbW3QY4RR4PVWWduGsBrJu7Hh0qvmn7_rwssq5vpJ2y-Inzp_G8KkwpdSL9Oan3WA"
}
Resetting dropped connection: acme-v01.api.letsencrypt.org
https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg/1286110614 HTTP/1.1" 400 149
Received response:
HTTP 400
Server: nginx
Content-Type: application/problem+json
Content-Length: 149
Boulder-Request-Id: Y_MWixGx4934fFfiC4yRwO8vLJjHbZl4Cpn_hFApXaA
Boulder-Requester: 14286966
Replay-Nonce: B_HkYG4VH7KCHW1ErIE01wY1LqdmC2cIzY_ZfYhx13o
Expires: Mon, 05 Jun 2017 22:38:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 05 Jun 2017 22:38:21 GMT
Connection: close

{
  "type": "urn:acme:error:badNonce",
  "detail": "JWS has invalid anti-replay nonce YCRmHlNh1ANeK274qLxqZEJtRK2_NaW282Qz19HFvDA",
  "status": 400
}
Storing nonce: B_HkYG4VH7KCHW1ErIE01wY1LqdmC2cIzY_ZfYhx13o
Retrying request after error:
urn:acme:error:badNonce :: The client sent an unacceptable anti-replay nonce :: JWS has invalid anti-replay nonce YCRmHlNh1ANeK274qLxqZEJtRK2_NaW282Qz19HFvDA
JWS payload:
{
  "keyAuthorization": "isARKfzCP7goFItsTPvmGoCS0aiJBjBx7tipZzU7qno.7T3ZLv4xTpPRa0KR1ndkueHQ1COxOBfp2eGgU6kYxZk", 
  "type": "dns-01", 
  "resource": "challenge"
}
Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg/1286110614:
{
  "header": {
    "alg": "RS256", 
    "jwk": {
      "e": "AQAB", 
      "kty": "RSA", 
      "n": "zIlmnkHHphDgayHezCRNeyh9wH4FxDOMBYlsPJMTzwLZIWiY4LcwNN99EyUlIgzLEAPhiJ1I8csUmhTpJZcEFi3wpMMKaHjbtDo03kNZoygB4mO8MVDn7R0HklSDzLyOysxmethtan0rt-LzUzceAxX8HFxJq7q5TYjKr83McfmL96At0CNxt29DqXT6HYMmOp3oKonZPTU6CLCEyp6NkRzm8GYj8AgQQzLrVSke-C2qDpSbZ-HNDpOleARdrX1N7LSgRCqMVaw39frTMkCAYToSOtVsfE-kvNwwpgl12Ch_baNZCST1V0Y3yE7GZLLywNil5mB-TyV0sT5GHnvgOw"
    }
  }, 
  "protected": "eyJub25jZSI6ICJCX0hrWUc0Vkg3S0NIVzFFcklFMDF3WTFMcWRtQzJjSXpZX1pmWWh4MTNvIn0", 
  "payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogImlzQVJLZnpDUDdnb0ZJdHNUUHZtR29DUzBhaUpCakJ4N3RpcFp6VTdxbm8uN1QzWkx2NHhUcFBSYTBLUjFuZGt1ZUhRMUNPeE9CZnAyZUdnVTZrWXhaayIsIAogICJ0eXBlIjogImRucy0wMSIsIAogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiCn0", 
  "signature": "L8JVbxbAGXsACUo5Q76jyy-KT6rbCu1mkbgr7T_nYY7zejtukk7yEcb9AW2n5mhno4xybtoDf_nayvPWQ5VNwsWyseLTNSyLI4M0eJIoR_bxZMbzTx1HwhOO1XA5oaBZmXwm_H4BJNdJXCjd8s7OxK2V1HB4LH2she1gVMfbYu26M8brZhMUq1kbLVuqbEdMLXznFk-XwrhBCrU8x_VmKSqteebYe7yBad5IURk3z3i-jVEl2cK8I3SSdapV2vguDu61KSxnv9uVHzS3Z7RpcLyhGoM6Jnk_nFr-E-pUmwuzWuWExQ5FA1JJhT3MJiU2WmRgxdemdlvhTPJTG7qycw"
}
Resetting dropped connection: acme-v01.api.letsencrypt.org
https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg/1286110614 HTTP/1.1" 202 335
Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 335
Boulder-Request-Id: EuMscy1e_81So2iHFVGXqF21AOQ-wZ3xICTiavNyR3I
Boulder-Requester: 14286966
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg/1286110614
Replay-Nonce: seFo3JedV7bSNNRuRuRFVsELZ00GpbJdLr8Z04Lea5U
Expires: Mon, 05 Jun 2017 22:38:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 05 Jun 2017 22:38:22 GMT
Connection: keep-alive

{
  "type": "dns-01",
  "status": "pending",
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg/1286110614",
  "token": "isARKfzCP7goFItsTPvmGoCS0aiJBjBx7tipZzU7qno",
  "keyAuthorization": "isARKfzCP7goFItsTPvmGoCS0aiJBjBx7tipZzU7qno.7T3ZLv4xTpPRa0KR1ndkueHQ1COxOBfp2eGgU6kYxZk"
}
Storing nonce: seFo3JedV7bSNNRuRuRFVsELZ00GpbJdLr8Z04Lea5U
Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg.
https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg HTTP/1.1" 200 1276
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1276
Boulder-Request-Id: J-1zde5fv7CRjctx-mwREexR9nQCExOoZg8_nB5X5QI
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: 0OkQ2ymMee7Usf6_fl5iZqQLfxROAkZRplT_yVChwws
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 05 Jun 2017 22:38:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 05 Jun 2017 22:38:26 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "ubnt.emp.int.rlyrly.net"
  },
  "status": "invalid",
  "expires": "2017-06-12T22:22:48Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg/1286110613",
      "token": "WqLMQvlg487J9LYE4FrwJLd7tjdgHnw_ttCIcbWSwPU"
    },
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:unauthorized",
        "detail": "Correct value not found for DNS challenge",
        "status": 403
      },
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg/1286110614",
      "token": "isARKfzCP7goFItsTPvmGoCS0aiJBjBx7tipZzU7qno",
      "keyAuthorization": "isARKfzCP7goFItsTPvmGoCS0aiJBjBx7tipZzU7qno.7T3ZLv4xTpPRa0KR1ndkueHQ1COxOBfp2eGgU6kYxZk"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/-KJaEnWOvTf5GReHY4hoqsMq6vItuBQ20pSyGoOTeNg/1286110615",
      "token": "q7RZValyJVgLj5SRiHbO6IQCxIvy2L2bkEQJihe8tS0"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      2
    ],
    [
      1
    ]
  ]
}
Reporting to user: The following errors were reported by the server:

Domain: ubnt.emp.int.rlyrly.net
Type:   unauthorized
Detail: Correct value not found for DNS challenge

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.14.0', 'console_scripts', 'certbot')()
  File "/usr/local/Cellar/certbot/0.14.0/libexec/lib/python2.7/site-packages/certbot/main.py", line 742, in main
    return config.func(config, plugins)
  File "/usr/local/Cellar/certbot/0.14.0/libexec/lib/python2.7/site-packages/certbot/main.py", line 682, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/local/Cellar/certbot/0.14.0/libexec/lib/python2.7/site-packages/certbot/main.py", line 82, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/local/Cellar/certbot/0.14.0/libexec/lib/python2.7/site-packages/certbot/client.py", line 344, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/local/Cellar/certbot/0.14.0/libexec/lib/python2.7/site-packages/certbot/client.py", line 313, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/local/Cellar/certbot/0.14.0/libexec/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/usr/local/Cellar/certbot/0.14.0/libexec/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/usr/local/Cellar/certbot/0.14.0/libexec/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. ubnt.emp.int.rlyrly.net (dns-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct value not found for DNS challenge
Failed authorization procedure. ubnt.emp.int.rlyrly.net (dns-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct value not found for DNS challenge

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: ubnt.emp.int.rlyrly.net
   Type:   unauthorized
   Detail: Correct value not found for DNS challenge

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): N/A

The operating system my web server runs on is (include version): macOS

My hosting provider, if applicable, is: DNS hosted by Linode

I can login to a root shell on my machine (yes or no, or I don’t know): N/A

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): N/A

DNS entries confirmed before proceeding: yes
| => dig TXT _acme-challenge.ubnt.emp.int.rlyrly.net @ns1.linode.com

; <<>> DiG 9.8.3-P1 <<>> TXT _acme-challenge.ubnt.emp.int.rlyrly.net @ns1.linode.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56544
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 10
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;_acme-challenge.ubnt.emp.int.rlyrly.net. IN TXT

;; ANSWER SECTION:
_acme-challenge.ubnt.emp.int.rlyrly.net. 300 IN TXT ""8O9m83VC4H1kCrhuej0ECbOtR4nJ5Sb47LqBF3LTC9E""

;; AUTHORITY SECTION:
rlyrly.net. 86400 IN NS ns4.linode.com.
rlyrly.net. 86400 IN NS ns5.linode.com.
rlyrly.net. 86400 IN NS ns3.linode.com.
rlyrly.net. 86400 IN NS ns2.linode.com.
rlyrly.net. 86400 IN NS ns1.linode.com.

;; ADDITIONAL SECTION:
ns1.linode.com. 300 IN A 162.159.27.72
ns1.linode.com. 300 IN AAAA 2400:cb00:2049:1::a29f:1a63
ns2.linode.com. 300 IN A 162.159.24.39
ns2.linode.com. 300 IN AAAA 2400:cb00:2049:1::a29f:1827
ns3.linode.com. 300 IN A 162.159.25.129
ns3.linode.com. 300 IN AAAA 2400:cb00:2049:1::a29f:1981
ns4.linode.com. 300 IN A 162.159.26.99
ns4.linode.com. 300 IN AAAA 2400:cb00:2049:1::a29f:1b48
ns5.linode.com. 300 IN A 162.159.24.25
ns5.linode.com. 300 IN AAAA 2400:cb00:2049:1::a29f:1819

;; Query time: 320 msec
;; SERVER: 162.159.27.72#53(162.159.27.72)
;; WHEN: Tue Jun 6 08:47:00 2017
;; MSG SIZE rcvd: 435

I'm not certain if this matters, but...

There's an extra set of quotes. Let's Encrypt may ignore them, or it may not.

Next time try entering the TXT record at Linode without any "?


Let's Encrypt does not ignore quotes.


Thank you!
I had no idea we did not need quotes at Linode.
All working now.
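
An added example, not part of the original thread or of certbot's own code: a pre-submission check for the failure resolved above, where quotes typed into the DNS provider's form become part of the TXT value and the CA's exact comparison fails. The function names are hypothetical, the `dig` rdata strings are constructed samples (a literal quote inside a TXT string is shown by `dig` as `\"`), and the expected value follows the ACME dns-01 derivation (RFC 8555 section 8.4).

```python
import base64
import hashlib


def dns01_txt_value(key_authorization: str) -> str:
    """ACME dns-01: base64url(SHA-256(keyAuthorization)) without padding."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def parse_txt_rdata(rdata: str) -> str:
    """Decode TXT rdata in presentation format (as dig prints it) into the
    value a validator compares: delimiters dropped, escapes resolved,
    multiple character-strings concatenated."""
    out, i, in_quotes = [], 0, False
    while i < len(rdata):
        ch = rdata[i]
        if ch == "\\" and i + 1 < len(rdata):
            ddd = rdata[i + 1:i + 4]
            if len(ddd) == 3 and ddd.isdecimal():   # \DDD decimal escape
                out.append(chr(int(ddd)))
                i += 4
            else:                                   # \" or \\ : literal data
                out.append(rdata[i + 1])
                i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes               # delimiter, not data
        elif in_quotes or not ch.isspace():
            out.append(ch)
        i += 1
    return "".join(out)


def check_record(expected: str, rdata: str) -> str:
    """Classify one TXT answer against the value the CA will look for."""
    value = parse_txt_rdata(rdata)
    if value == expected:
        return "ok"
    if value.strip('"\u201c\u201d') == expected:
        return "embedded-quotes"   # quotes were stored as part of the value
    if value.strip() == expected:
        return "stray-whitespace"
    return "mismatch"


# Values copied from the certbot log on this page.
KEY_AUTH = ("isARKfzCP7goFItsTPvmGoCS0aiJBjBx7tipZzU7qno."
            "7T3ZLv4xTpPRa0KR1ndkueHQ1COxOBfp2eGgU6kYxZk")
EXPECTED = "8O9m83VC4H1kCrhuej0ECbOtR4nJ5Sb47LqBF3LTC9E"

# Constructed dig rdata: value stored with quotes, and stored bare.
QUOTED = r'"\"8O9m83VC4H1kCrhuej0ECbOtR4nJ5Sb47LqBF3LTC9E\""'
BARE = '"8O9m83VC4H1kCrhuej0ECbOtR4nJ5Sb47LqBF3LTC9E"'

if __name__ == "__main__":
    print("derived from key authorization:", dns01_txt_value(KEY_AUTH))
    print("value certbot asked for:       ", EXPECTED)
    for label, rdata in (("quoted", QUOTED), ("bare", BARE)):
        print(label, "->", check_record(EXPECTED, rdata))
```

Feed `check_record` the rdata column from `dig +short TXT _acme-challenge.<domain> @<authoritative-ns>` before pressing Enter in certbot's manual prompt; anything other than `ok` will fail validation.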
