I'm trying to use certbot for the first time to create signed certificates for pages on my local home server. My server is my DNS server, pointing to OpenDNS, and I've edited dnsmasq.conf for the TXT file. I suspect I'm entering it incorrectly:
#Change the following lines to enable dnsmasq to serve TXT records.
#These are used for things like SPF and zeroconf. (Note that the
#domain-name expansion done for SRV records _does_not
#occur for TXT records.)
#Example SPF.
#txt-record=example.com,"v=spf1 a -all"
#Example zeroconf
#txt-record=_http._tcp.example.com,name=value,paper=A4
> txt-record=_acme-challenge,"zxrQz_bRJlfO2psXSWraPHXT70Rm1K-clw72zEwYhb8"
My domain is: *starfleet.org (local domain)
I ran this command: certbot --text --agree-tos --email t******@*****m -d hda.starfleet.org --manual --preferred-challenges dns --expand --renew-by-default --manual-public-ip-logging-ok certonly
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for hda.starfleet.org
Please deploy a DNS TXT record under the name
_acme-challenge.hda.starfleet.org with the following value:
zxrQz_bRJlfO2psXSWraPHXT70Rm1K-clw72zEwYhb8
Before continuing, verify the record is deployed.
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. hda.starfleet.org (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.hda.starfleet.org
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: hda.starfleet.org
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.hda.starfleet.org
My web server is (include version): Fedora 27
The operating system my web server runs on is (include version): Fedora 27
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes, Amahi 11
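An added example, not part of the original post and not code from certbot or dnsmasq: a small Python check that compares the record name and token in certbot's manual dns-01 prompt with the active txt-record lines of a dnsmasq.conf. The function names are hypothetical, the sample inputs are constructed from the lines quoted in the post, and the exact-match rule is an assumption taken from the config comment that TXT names get no domain-name expansion.

```python
import csv
import re

# Constructed inputs: the prompt and config lines quoted in the post above.
CERTBOT_PROMPT = """\
Please deploy a DNS TXT record under the name
_acme-challenge.hda.starfleet.org with the following value:
zxrQz_bRJlfO2psXSWraPHXT70Rm1K-clw72zEwYhb8
"""
DNSMASQ_CONF = """\
#txt-record=example.com,"v=spf1 a -all"
txt-record=_acme-challenge,"zxrQz_bRJlfO2psXSWraPHXT70Rm1K-clw72zEwYhb8"
"""

def norm(name):
    """DNS names compare case-insensitively, ignoring a trailing dot."""
    return name.strip().rstrip(".").lower()

def parse_challenge(prompt):
    """Return (record name, token) from certbot's manual dns-01 prompt."""
    m = re.search(r"under the name\s+(\S+) with the following value:\s+(\S+)", prompt)
    if m is None:
        raise ValueError("no dns-01 prompt found")
    return norm(m.group(1)), m.group(2)

def parse_txt_records(conf):
    """Return (name, [strings]) for each active txt-record= line."""
    records = []
    for line in conf.splitlines():
        line = line.strip()
        if not line.startswith("txt-record="):  # also skips '#' comments
            continue
        fields = next(csv.reader([line[len("txt-record="):]]), [])
        if fields:
            records.append((norm(fields[0]), fields[1:]))
    return records

def check(prompt, conf):
    """Compare the name the CA looks up with the names dnsmasq is given."""
    want_name, token = parse_challenge(prompt)
    # Assumption taken from the config comment: TXT names are served as
    # written, with no domain-name expansion, so names must match exactly.
    holders = [n for n, strings in parse_txt_records(conf) if token in strings]
    if want_name in holders:
        return "ok: token published under " + want_name
    if holders:
        return "name mismatch: token is under %s, lookup is for %s" % (holders[0], want_name)
    return "missing: no txt-record line carries the token"
```

A match here only shows that the local config agrees with the prompt; the NXDOMAIN in the output above was reported by the CA's server, so the record also has to be resolvable from there.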