Wildcard cert and DNS Challenge with certbot


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nawrocki.eu

I ran this command:

certbot -d nawrocki.eu -d *.nawrocki.eu --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns certonly

It produced this output:

root@vps:/etc/letsencrypt# ./enpe.pl
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for nawrocki.eu
dns-01 challenge for nawrocki.eu

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: y

Please deploy a DNS TXT record under the name
_acme-challenge.nawrocki.eu with the following value:


Before continuing, verify the record is deployed.

Press Enter to Continue

Please deploy a DNS TXT record under the name
_acme-challenge.nawrocki.eu with the following value:


Before continuing, verify the record is deployed.

Press Enter to Continue

Waiting for verification…
Cleaning up challenges
Failed authorization procedure. nawrocki.eu (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record “gYKs4q2DsUUOIZK4eeq8RujqtJRkK6KcmzKL3-ltd8s” found at _acme-challenge.nawrocki.eu,


  • The following errors were reported by the server:

    Domain: nawrocki.eu
    Type: unauthorized
    Detail: Incorrect TXT record
    “gYKs4q2DsUUOIZK4eeq8RujqtJRkK6KcmzKL3-ltd8s” found at

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):

root@vps:/etc/letsencrypt# apache2 -v
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2018-10-10T18:59:25

The operating system my web server runs on is (include version):

root@vps:/etc/letsencrypt# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


You need to add both TXT records:

I only see one right now:
_acme-challenge.nawrocki.eu text =

If for any reason the second record overwrites the first one, so that only one record can exist at a time, try adding them both at the same time (with a line break between them).
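
An added example, not part of the posts above: a pre-check to run before pressing Enter in certbot's manual mode, confirming that every value certbot asked for is present in the TXT answer at `_acme-challenge.<domain>`. The function names and the sample values are constructed for illustration; `check_all_ns` assumes `dig` is installed.

```shell
#!/bin/sh
# Added example, not from the thread. All TXT values below are constructed placeholders.

# missing_txt EXPECTED...
# stdin: output of `dig +short TXT <name>` (one quoted string per line).
# Prints every expected value that is NOT in the answer; returns 1 if any is missing.
missing_txt() {
    answers=$(tr -d '"\r')
    rc=0
    for want in "$@"; do
        # -F fixed string, -x whole line, -- because base64url values may start with '-'
        if ! printf '%s\n' "$answers" | grep -Fqx -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# check_all_ns ZONE EXPECTED...
# Asks each authoritative nameserver of ZONE directly, so a resolver cache or a
# secondary that has not synced yet cannot hide a missing record.
check_all_ns() {
    zone=$1; shift
    status=0
    for ns in $(dig +short NS "$zone"); do
        if miss=$(dig +short TXT "_acme-challenge.$zone" "@$ns" | missing_txt "$@"); then
            echo "$ns: all $# values present"
        else
            echo "$ns: missing: $miss"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: the answer holds only one of the two requested values, the
# situation in the thread (base name and wildcard are both validated at one TXT name).
SAMPLE_ANSWER='"CONSTRUCTED-value-for-base-name-000000000000000"'
demo() {
    printf '%s\n' "$SAMPLE_ANSWER" |
        missing_txt "CONSTRUCTED-value-for-base-name-000000000000000" \
                    "-CONSTRUCTED-value-for-wildcard-00000000000000"
}
```

Against a live zone the call would be `check_all_ns nawrocki.eu <value1> <value2>`, with the two values copied from certbot's prompts.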

