Wildcard certificates for INWX, shared secret missing

Help
1

My domain is:

korimort.at

I ran this command:

certbot run --authenticator dns-inwx --dns-inwx-credentials /etc/letsencrypt/inwx.cfg --installer nginx -d korimort.at -d "*.korimort.at" -v

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-inwx, Installer nginx
Requesting a certificate for korimort.at and *.korimort.at
Performing the following challenges:
dns-01 challenge for Identifier(typ=IdentifierType(dns), value='korimort.at')
Cleaning up challenges
Missing property in credentials configuration file /etc/letsencrypt/inwx.cfg:

  • Property "dns_inwx_shared_secret" not set (should be Optional shared secret code for the two-factor authentication assigned to the INWX API account.).
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):

nginx/1.26.3

The operating system my web server runs on is (include version):

Linux version 6.12.75+rpt-rpi-v8 (serge@raspberrypi.com) (aarch64-linux-gnu-gcc-14 (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44) #1 SMP PREEMPT Debian 1:6.12.75-1+rpt1 (2026-03-11)

My hosting provider, if applicable, is:

INWX: https://www.inwx.de/

I can login to a root shell on my machine (yes or no, or I don't know):

Yes.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

CLI

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 5.4.0

my inwx.cfg file looks like this:

dns_inwx_url = https://api.domrobot.com/xmlrpc/
dns_inwx_username = XXXXXXX
dns_inwx_password = YYYYYYY
dns_inwx_shared_secret =

log file output:

2026-03-26 10:07:29,411:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/3153963201/678773151091 HTTP/1.1" 200 393
2026-03-26 10:07:29,411:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 26 Mar 2026 09:07:29 GMT
Content-Type: application/json
Content-Length: 393
Connection: keep-alive
Boulder-Requester: 3153963201
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: tWo_Kf9RjibLVB5235J0b8RbetItW1htojcoHtddjNN1wDUMMHU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "korimort.at"
},
"status": "pending",
"expires": "2026-04-02T08:09:59Z",
"challenges": [
{
"type": "dns-01",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall/3153963201/678773151091/jpMmpQ",
"status": "pending",
"token": "hbfIAMwgXN_vbPiUKJDfBuF8k8nR-57puQkYQJMd-a8"
}
],
"wildcard": true
}
2026-03-26 10:07:29,412:DEBUG:acme.client:Storing nonce: tWo_Kf9RjibLVB5235J0b8RbetItW1htojcoHtddjNN1wDUMMHU
2026-03-26 10:07:29,412:INFO:certbot._internal.auth_handler:Performing the following challenges:
2026-03-26 10:07:29,413:INFO:certbot._internal.auth_handler:dns-01 challenge for Identifier(typ=IdentifierType(dns), value='korimort.at')
2026-03-26 10:07:29,416:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 84, in handle_authorizations
resps = self.auth.perform(achalls)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/plugins/dns_common.py", line 68, in perform
self._setup_credentials()
File "/snap/certbot-dns-inwx/current/lib/python3.12/site-packages/certbot_dns_inwx/_internal/dns_inwx.py", line 60, in _setup_credentials
self.credentials = self._configure_credentials(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/plugins/dns_common.py", line 199, in _configure_credentials
credentials_configuration.require(required_variables)
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/plugins/dns_common.py", line 309, in require
raise errors.PluginError(
certbot.errors.PluginError: Missing property in credentials configuration file /etc/letsencrypt/inwx.cfg:

  • Property "dns_inwx_shared_secret" not set (should be Optional shared secret code for the two-factor authentication assigned to the INWX API account.).

2026-03-26 10:07:29,417:DEBUG:certbot._internal.error_handler:Calling registered functions
2026-03-26 10:07:29,417:INFO:certbot._internal.auth_handler:Cleaning up challenges
2026-03-26 10:07:29,417:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/5452/bin/certbot", line 6, in
sys.exit(main())
^^^^^^
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/main.py", line 18, in main
return internal_main.main(cli_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/_internal/main.py", line 1886, in main
return config.func(config, plugins)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/_internal/main.py", line 1446, in run
new_lineage = _get_and_save_cert(le_client, config, sans,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(sans, certname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/_internal/client.py", line 533, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(sans)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/_internal/client.py", line 434, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/_internal/client.py", line 512, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 84, in handle_authorizations
resps = self.auth.perform(achalls)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/plugins/dns_common.py", line 68, in perform
self._setup_credentials()
File "/snap/certbot-dns-inwx/current/lib/python3.12/site-packages/certbot_dns_inwx/_internal/dns_inwx.py", line 60, in _setup_credentials
self.credentials = self._configure_credentials(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/plugins/dns_common.py", line 199, in _configure_credentials
credentials_configuration.require(required_variables)
File "/snap/certbot/5452/lib/python3.12/site-packages/certbot/plugins/dns_common.py", line 309, in require
raise errors.PluginError(
certbot.errors.PluginError: Missing property in credentials configuration file /etc/letsencrypt/inwx.cfg:

  • Property "dns_inwx_shared_secret" not set (should be Optional shared secret code for the two-factor authentication assigned to the INWX API account.).
    2026-03-26 10:07:29,422:ERROR:certbot._internal.log:Missing property in credentials configuration file /etc/letsencrypt/inwx.cfg:
  • Property "dns_inwx_shared_secret" not set (should be Optional shared secret code for the two-factor authentication assigned to the INWX API account.).
2

You may need to set that to some (fake) value even with 2FA disabled. See these related reports about that option. If that still does not work you would be better off posting on the github for that inwx plugin. The developers of that would need to address this problem

1 Like