Wilcard of server centos7.5-bind9.9

My system: Centos 7.5
my domain : shost.fr

My credential file

Serveur DNS

dns_rfc2136_server =

Nom de la clé TSIG (doit se terminer par un ‘.’)

dns_rfc2136_name = keyname.

clé secrète

dns_rfc2136_secret = r59s+m9wCfkv2Ti???yQRRw3QyaZXZvVIP4Qxh+m63c1wZD74 aYdYiH74pP93ce7JoHryrOlI4BjkVA==

Algorythme TSIG utilisé

dns_rfc2136_algorithm = HMAC-SHA512

certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --dns-rfc2136 --dns-rfc2136-credentials ~/.secrets/certbot/rfc2136.ini -d shost.fr -d www.shost.fr

When I run Certbot to get a generic certificate for my domain, I have the following error:

Encountered exception during recovery:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/error_handler.py”, line 108, in _call_registered
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 310, in _cleanup_challenges
File “/usr/lib/python2.7/site-packages/certbot/plugins/dns_common.py”, line 76, in cleanup
self._cleanup(domain, validation_domain_name, validation)
File “/usr/lib/python2.7/site-packages/certbot_dns_rfc2136/dns_rfc2136.py”, line 79, in _cleanup
self._get_rfc2136_client().del_txt_record(validation_name, validation)
File “/usr/lib/python2.7/site-packages/certbot_dns_rfc2136/dns_rfc2136.py”, line 170, in del_txt_record
PluginError: Received response from server: REFUSED

I already have another domain (vhost.fr) certified by letsencrypt and I applied the same procedure. The only change is the access provider.

Do you have any idea of the origin of this problem?
Thank you for your reply.


The traceback might states that the server (DNS) was not available at the time of the request (the connection is refused when certbot tried to update DNS records on that server)

Thank you

TSIG keys need to remain secret! If you're using that one, and it isn't just an example, you need to change it. (Disable it on your servers and generate a new one.)

1 Like

No problem. It was just a previous trial. The key has been changed since.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.