Wildcard cert and DNS Challenge with certbot


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nawrocki.eu

I ran this command:

certbot -d nawrocki.eu -d *.nawrocki.eu --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns certonly

It produced this output:

root@vps:/etc/letsencrypt# ./enpe.pl
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for nawrocki.eu
dns-01 challenge for nawrocki.eu


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: y


Please deploy a DNS TXT record under the name
_acme-challenge.nawrocki.eu with the following value:

aShMwD-Rji_sgU44xyHMu_ViMKaZIzo_QB7XGZa1j2A

Before continuing, verify the record is deployed.

Press Enter to Continue


Please deploy a DNS TXT record under the name
_acme-challenge.nawrocki.eu with the following value:

gYKs4q2DsUUOIZK4eeq8RujqtJRkK6KcmzKL3-ltd8s

Before continuing, verify the record is deployed.

Press Enter to Continue

Waiting for verification…
Cleaning up challenges
Failed authorization procedure. nawrocki.eu (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record “gYKs4q2DsUUOIZK4eeq8RujqtJRkK6KcmzKL3-ltd8s” found at _acme-challenge.nawrocki.eu,

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: nawrocki.eu
    Type: unauthorized
    Detail: Incorrect TXT record
    “gYKs4q2DsUUOIZK4eeq8RujqtJRkK6KcmzKL3-ltd8s” found at
    _acme-challenge.nawrocki.eu

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):

root@vps:/etc/letsencrypt# apache2 -v
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2018-10-10T18:59:25
root@vps:/etc/letsencrypt#

The operating system my web server runs on is (include version):

root@vps:/etc/letsencrypt# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
root@vps:/etc/letsencrypt#

My hosting provider, if applicable, is:
OVH

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no


#2

You need to add both TXT records:

I only see one right now:
_acme-challenge.nawrocki.eu text =
"gYKs4q2DsUUOIZK4eeq8RujqtJRkK6KcmzKL3-ltd8s"

If for any reason the second record overwrites the first one, so that only one record can exist at a time, try adding them both at the same time (with a line break between them).
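An added example to illustrate the point in #2 (this is not certbot's code and not something either poster wrote): the apex name and the wildcard are two separate authorizations that happen to use the same `_acme-challenge` name, so the ACME server expects both values in one TXT RRset. The script below models a control panel with "edit" versus "add" semantics, parses `dig +short TXT` output into plain values, and reports which of the values certbot printed are still missing. The two TXT values and the record name are the ones from post #1; the token and thumbprint passed to `dns01_txt_value` (the RFC 8555 section 8.4 computation certbot performs before printing a value) and the dig output are constructed sample data.

```python
"""Check that every dns-01 TXT value certbot asked for is actually published.

Added example for this thread; not certbot's code. Token, thumbprint and the
dig output used below are constructed sample data.
"""
import base64
import hashlib
import re
from typing import Dict, List


def dns01_txt_value(token: str, account_key_thumbprint: str) -> str:
    """RFC 8555 s8.4: TXT value = base64url(SHA-256(token "." thumbprint)), unpadded."""
    key_authorization = f"{token}.{account_key_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_dig_txt(output: str) -> List[str]:
    """Turn `dig +short TXT <name>` output into plain record values.

    Each line is one TXT record; a single record may be split into several
    quoted strings that DNS concatenates, so the pieces of a line are joined.
    """
    values = []
    for line in output.splitlines():
        pieces = _QUOTED.findall(line)
        if pieces:
            values.append("".join(pieces).replace('\\"', '"'))
    return values


def missing_txt_values(published: List[str], expected: List[str]) -> List[str]:
    """Return the values certbot printed that are absent from the published RRset.

    The ACME server reads the whole RRset, so every expected value must coexist
    under _acme-challenge.<domain>; an empty result means it is safe to continue.
    """
    present = set(published)
    return [v for v in expected if v not in present]


class ToyZone:
    """Minimal stand-in for a DNS control panel, to show the overwrite pitfall."""

    def __init__(self) -> None:
        self.rrsets: Dict[str, List[str]] = {}

    def set_txt(self, name: str, value: str) -> None:
        """'Edit record' semantics: replaces whatever was there (what went wrong in #1)."""
        self.rrsets[name] = [value]

    def add_txt(self, name: str, value: str) -> None:
        """'Add record' semantics: appends, so both challenge values coexist."""
        self.rrsets.setdefault(name, []).append(value)

    def txt(self, name: str) -> List[str]:
        return list(self.rrsets.get(name, []))


# The two values certbot printed in post #1 (apex and wildcard share this name).
EXPECTED = [
    "aShMwD-Rji_sgU44xyHMu_ViMKaZIzo_QB7XGZa1j2A",
    "gYKs4q2DsUUOIZK4eeq8RujqtJRkK6KcmzKL3-ltd8s",
]
NAME = "_acme-challenge.nawrocki.eu"


def overwrite_scenario() -> List[str]:
    """Publishing the second value with 'edit' semantics loses the first one."""
    zone = ToyZone()
    zone.set_txt(NAME, EXPECTED[0])
    zone.set_txt(NAME, EXPECTED[1])
    return missing_txt_values(zone.txt(NAME), EXPECTED)


def add_scenario() -> List[str]:
    """Adding both records side by side satisfies both authorizations."""
    zone = ToyZone()
    zone.add_txt(NAME, EXPECTED[0])
    zone.add_txt(NAME, EXPECTED[1])
    return missing_txt_values(zone.txt(NAME), EXPECTED)


if __name__ == "__main__":
    # Constructed dig output mirroring the single record seen in post #2.
    sample_dig = '"gYKs4q2DsUUOIZK4eeq8RujqtJRkK6KcmzKL3-ltd8s"\n'
    print("missing after overwrite:", overwrite_scenario())
    print("missing after add:", add_scenario())
    print("missing per dig:", missing_txt_values(parse_dig_txt(sample_dig), EXPECTED))
```

In practice, feed `parse_dig_txt` the output of `dig +short TXT _acme-challenge.example.com @ns1.example.com` against an authoritative nameserver (rather than a caching resolver, which may still hold an older RRset) before pressing Enter at each certbot prompt; once `missing_txt_values` returns an empty list for both printed values, the validation in #1 would have succeeded.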