Cannot find acme_challenge to add on txt record

SYSTEM INFORMATION
OS type and version Ubuntu 5.15.0-76
Webmin version 2.021
Virtualmin version 7.7 Pro
Related packages ??

I’m able to issue a “regular” Let’s Encrypt certificate for my domain keys-server.com and seriousweb.dev (the latter shows no error, but is not working in the browser).

I’m getting this error when requesting a Let’s Encrypt wildcard certificate:

  • The following errors were reported by the server:

    Domain: keys-server.com
    Type: unauthorized
    Detail: No TXT record found at _acme-challenge.keys-server.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

Where can I find the challenge that I must add to the external DNS records? My nameserver is at NameSilo.

Thanks for your help
Daniel

In the Let’s Encrypt page, what names are you requesting? I don’t see an A record for www.

All names need an A record.

That’s the DNS validation attempt. The more interesting error for most users is the web validation request.

If Virtualmin is not managing your DNS you cannot use DNS validation, but if you fix your DNS A records (or don’t request certs for names that don’t have A records), you won’t have to. Web validation is the preferred validation method for most users.

The OP wants a wildcard – Let’s Encrypt only supports DNS validation for wildcards.

That’s not right at all.
This domain has 2 names; there have been numerous posts about staying away from wildcards.

Oh, sorry, you’re right. OP does mention they’re requesting a wildcard, I missed that.

In that case, OP can’t do that. Virtualmin is not managing their DNS, as far as I can tell. You cannot get a wildcard certificate in Virtualmin unless Virtualmin is managing DNS. It’ll have to be done with the Let’s Encrypt command line client. (Edit: Also, OP, you should tell Virtualmin it is not managing your DNS. It thinks it is, so it’s allowing you to try to do something that it can’t possibly do. Turn off features you aren’t using in Features and Plugins.)

But, also, you should not get a wildcard certificate unless you really can’t do what you need to do any other way. Let’s Encrypt certificates are free and very easy to request, there is no good reason I can come up with to use a wildcard. There are security implications to wildcards and they are harder to validate (unless Virtualmin is managing DNS).

Thank you guys for your help. The wildcard is mentioned in my question. Regular certificate works fine to issue (but not actually in the browser), wildcard does not even issue.
I do have www in my DNS records (screenshot).

The reason I tried to get a wildcard certificate on the root domain keys-server.com is because the Let’s Encrypt on the subdomain kd.keys-server.com is not working.
It shows OK (screenshot).
When I request the cert again like this (screenshot), it shows success (screenshot), but the page in the browser shows an invalid certificate (screenshot).

The main domain of this server is seriousweb.dev and the only site with a cert that works now is https://blue.seriousweb.dev/. This used to work flawlessly in the past…

What else should I do? I don’t care about using wildcard certificate at this stage, I can request a cert for each subdomain, I just need the subserver kd.keys-server.com to have a valid ssl …

You cannot issue a wildcard cert using Virtualmin if Virtualmin is not managing your DNS, as I said above.

It only offers the option because it thinks it is managing your DNS. You should fix that (turn off the DNS feature in Virtualmin, if you aren’t managing DNS with Virtualmin).

There is no reason, in your case, to use wildcard certs, though. Just get a cert for each domain.

Hi Joe,
thanks for your comments. Pls. read my reply. I don’t care about wildcard certificate, I just want a certificate for the sub domain that works!

I have not changed any DNS settings; if I need to disable something, pls tell me exactly where (and how to get there).
Thanks!

Clear the cache from your browser. https://kd.keys-server.com worked on my end…

Edit: It did work at one point. Now goes to https://blue.seriousweb.dev/

Perhaps it’s something in the Apache config that isn’t registering correctly.

You have to make the needed records for the subdomain, like kd, www.kd and mail.kd.

Hi, thanks for the tip.
I added kd. DNS records on NameSilo and that did the trick.
