Let's Encrypt DNS verification fails (e.g., wildcard certificates), HTTP verification is OK?

Hi gang,

Interesting one this - just done a new install of Virtualmin 6.17 / Webmin 1.981 using the install script on a new CentOS 7.7 VPS.

I set up Webmin with a domain (l04.shelladdress.co.uk) and initially added a second domain (zoe.customtld.co.uk) as a sub-server, subsequently changing it to become a second top-level server.

Whatever I do, I can’t get LE Certbot to successfully add the appropriate DNS records for wildcard certificate requests.

It seems like the required _acme-challenge TXT record is never created in the zone, so the certbot verification fails. HTTP verifications work, though using this method I cannot request a certificate including a sub-server’s domain (or a wildcard SAN) at the same time as the primary domain. Both of those would be very convenient and would save on a certificate API request. I’ve already hit the failed requests rate limit twice today while testing :wink:

Here’s /var/log/letsencrypt/letsencrypt.log from one failed DNS attempt for a wildcard cert:

2021-09-26 10:35:37,927:DEBUG:certbot._internal.main:certbot version: 1.11.0
2021-09-26 10:35:37,927:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/letsencrypt
2021-09-26 10:35:37,927:DEBUG:certbot._internal.main:Arguments: ['--manual', '-d', 'zoe.customtld.co.uk', '-d', '*.zoe.customtld.co.uk', '--preferred-challenges=dns', '--manual-auth-hook', '/etc/webmin/webmin/letsencrypt-dns.pl', '--manual-cleanup-hook', '/etc/webmin/webmin/letsencrypt-cleanup.pl', '--duplicate', '--force-renewal', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/655625_15493_2_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'zoe.customtld.co.uk']
2021-09-26 10:35:37,927:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-09-26 10:35:37,957:DEBUG:certbot._internal.log:Root logging level set at 20
2021-09-26 10:35:37,957:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-09-26 10:35:37,958:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2021-09-26 10:35:37,960:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot._internal.plugins.manual:Authenticator
Initialized: <certbot._internal.plugins.manual.Authenticator object at 0x7f59c4a608d0>
Prep: True
2021-09-26 10:35:37,960:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0x7f59c4a608d0> and installer None
2021-09-26 10:35:37,960:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
2021-09-26 10:35:37,993:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u'https://acme-v02.api.letsencrypt.org/acme/acct/215299190', new_authzr_uri=None, terms_of_service=None), aa7278a4ef534dc63f1ebc96dee8ac4f, Meta(creation_host=u'l04.shelladdress.co.uk', register_to_eff=None, creation_dt=datetime.datetime(2021, 9, 26, 9, 3, 45, tzinfo=<UTC>)))>
2021-09-26 10:35:38,001:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-09-26 10:35:38,014:INFO:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-09-26 10:35:38,591:DEBUG:urllib3.connectionpool:"GET /directory HTTP/1.1" 200 658
2021-09-26 10:35:38,592:DEBUG:acme.client:Received response:
HTTP 200
content-length: 658
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
cache-control: public, max-age=0, no-cache
date: Sun, 26 Sep 2021 14:35:38 GMT
x-frame-options: DENY
content-type: application/json

{
  "dERvKRW81aA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-09-26 10:35:38,593:DEBUG:certbot.display.util:Notifying user: Requesting a certificate for zoe.customtld.co.uk and *.zoe.customtld.co.uk
2021-09-26 10:35:38,912:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0017_key-certbot.pem
2021-09-26 10:35:38,914:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0017_csr-certbot.pem
2021-09-26 10:35:38,915:DEBUG:acme.client:Requesting fresh nonce
2021-09-26 10:35:38,915:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-09-26 10:35:39,058:DEBUG:urllib3.connectionpool:"HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-09-26 10:35:39,059:DEBUG:acme.client:Received response:
HTTP 200
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
date: Sun, 26 Sep 2021 14:35:38 GMT
x-frame-options: DENY
replay-nonce: 0001fNhgn9-VO1Tonm5VMteJRcASbjpIfXH_Cv82yt5MD0c


2021-09-26 10:35:39,059:DEBUG:acme.client:Storing nonce: 0001fNhgn9-VO1Tonm5VMteJRcASbjpIfXH_Cv82yt5MD0c
2021-09-26 10:35:39,060:DEBUG:acme.client:JWS payload:
{
  "identifiers": [
    {
      "type": "dns", 
      "value": "zoe.customtld.co.uk"
    }, 
    {
      "type": "dns", 
      "value": "*.zoe.customtld.co.uk"
    }
  ]
}
2021-09-26 10:35:39,062:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJub25jZSI6ICIwMDAxZk5oZ245LVZPMVRvbm01Vk10ZUpSY0FTYmpwSWZYSF9DdjgyeXQ1TUQwYyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzIxNTI5OTE5MCIsICJhbGciOiAiUlMyNTYifQ", 
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJ6b2UuY3VzdG9tdGxkLmNvLnVrIgogICAgfSwgCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsIAogICAgICAidmFsdWUiOiAiKi56b2UuY3VzdG9tdGxkLmNvLnVrIgogICAgfQogIF0KfQ", 
  "signature": "DrcbII6UKdRwfyHSaAOAGrCt8YL12RDbDqQYpv6e2NeaRSjKLpN6FHi9V6Q2q5w9NkE98pd1CEQnKqi_xuHCCXgN0zvxT31j2CFD4aAM4phsGpczF9WbIrjxgM7vQ5c1d7gy9zpBCyRAJgeMG5VgxcA6Xfpy5kJwdRCz0gIAdZHLNQdDWa9w8CYQAxsXkm8VTW-zqhjrDT0KDwjSqbhUC5e6Pd_rtua_HAmwCs9G_YMSN6jZxGJ0z_2-4wFG4wyr15BJzLduFFapWLRiIJfHpGkuRlWvQdCRprcrxGp6fHTLUoB5IQdh9tXZaoRkTLOsjzsh_t3MICELVahwsRLXpw"
}
2021-09-26 10:35:39,274:DEBUG:urllib3.connectionpool:"POST /acme/new-order HTTP/1.1" 201 485
2021-09-26 10:35:39,274:DEBUG:acme.client:Received response:
HTTP 201
content-length: 485
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/215299190/27363014680
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:35:39 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001JiEsylgeBlSeflVP3TJ1HRDw_aVc0W8B9AMbFSNvJl4

{
  "status": "pending",
  "expires": "2021-10-03T14:35:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.zoe.customtld.co.uk"
    },
    {
      "type": "dns",
      "value": "zoe.customtld.co.uk"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451590",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451600"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/215299190/27363014680"
}
2021-09-26 10:35:39,275:DEBUG:acme.client:Storing nonce: 0001JiEsylgeBlSeflVP3TJ1HRDw_aVc0W8B9AMbFSNvJl4
2021-09-26 10:35:39,275:DEBUG:acme.client:JWS payload:

2021-09-26 10:35:39,277:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451590:
{
  "protected": "eyJub25jZSI6ICIwMDAxSmlFc3lsZ2VCbFNlZmxWUDNUSjFIUkR3X2FWYzBXOEI5QU1iRlNOdkpsNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzQ1MzA0NTE1OTAiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjE1Mjk5MTkwIiwgImFsZyI6ICJSUzI1NiJ9", 
  "payload": "", 
  "signature": "xVRMY83kY9ZDA1DhwphEIi7IPbza3SIMaFbIrILGrVsYAKGzgBB09u7zatXBD9chSV3_6O51qnM42wTQAFBie8fwzYd826mHyBNhVEcWIR4PcUy8bqvf3q9FGyIrndon6zolHUTTDk7lnhY61ymEnglaE51nodDBiHZ2sD8aXEKrlDv_Zw2eC87lGuazqVDkN0lMFSJ5WJYeROXzwzHEZXYEwgfrz8enp6egh4b76P6ODehj5Npj0vAh_Xlglzntz9kMHuSwQxCyV3DRIVCSy6ZUtlP05ArqAFHrfzX2aA2gYaXsP3zXDaBtmuuiKtbsRpiATXssBKIeyvtFxLL4hg"
}
2021-09-26 10:35:39,424:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/34530451590 HTTP/1.1" 200 392
2021-09-26 10:35:39,425:DEBUG:acme.client:Received response:
HTTP 200
content-length: 392
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:35:39 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 00018FN8oxueTqdRUc7wfrnpIJYbxXezCT-nPa-wth7oxSU

{
  "identifier": {
    "type": "dns",
    "value": "zoe.customtld.co.uk"
  },
  "status": "pending",
  "expires": "2021-10-03T14:35:39Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451590/ZF5GkA",
      "token": "QThYCNfzjtmelQhnEufv_ozPFXGCyxuFyJ7J3IKCjZ8"
    }
  ],
  "wildcard": true
}
2021-09-26 10:35:39,425:DEBUG:acme.client:Storing nonce: 00018FN8oxueTqdRUc7wfrnpIJYbxXezCT-nPa-wth7oxSU
2021-09-26 10:35:39,426:DEBUG:acme.client:JWS payload:

2021-09-26 10:35:39,428:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451600:
{
  "protected": "eyJub25jZSI6ICIwMDAxOEZOOG94dWVUcWRSVWM3d2ZybnBJSllieFhlekNULW5QYS13dGg3b3hTVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzQ1MzA0NTE2MDAiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjE1Mjk5MTkwIiwgImFsZyI6ICJSUzI1NiJ9", 
  "payload": "", 
  "signature": "PfFIN-OwH522SUjy36tgHSEulNW6CF5Gt35Bos_o6Y8WdTUIUXU77BUUiI60gGh-yF2ZV6uwPNZ7OsS0GlF6txF3rfQQSHtUYYNSHuFYTsb7-bS-uU3lIfIZh6xA4Wtvj0t76ilEVtnq4Zl8eV1lNE-qwx0vZ-gRMTOX4xjrulcheQUPa20xhPPilYqwmrZZlg1PTZFRai7dBTtf03WwEpfNLk-pzWnex9yKo9g-aMaF0Y11vDlW6OhM3Uv9vDfQEkXDvWPzgzrAmtQ5KzFCPijoLLvvUV4zzb0G1586QJzjenUB3dcIwA0vhgMRN7edezJSsw3EQcYuRK82Kkv9JQ"
}
2021-09-26 10:35:39,576:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/34530451600 HTTP/1.1" 200 800
2021-09-26 10:35:39,576:DEBUG:acme.client:Received response:
HTTP 200
content-length: 800
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:35:39 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001qZ_PxKE5KsIkKG266VHSCWPBfx6qeJTABrZ6h6NDC5w

{
  "identifier": {
    "type": "dns",
    "value": "zoe.customtld.co.uk"
  },
  "status": "pending",
  "expires": "2021-10-03T14:35:39Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/awVJfA",
      "token": "BBIE9WaUm622LMtKdWuAegTROLZYLhMafJJAU8gUdZw"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/DLx06A",
      "token": "BBIE9WaUm622LMtKdWuAegTROLZYLhMafJJAU8gUdZw"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/jzpk5w",
      "token": "BBIE9WaUm622LMtKdWuAegTROLZYLhMafJJAU8gUdZw"
    }
  ]
}
2021-09-26 10:35:39,577:DEBUG:acme.client:Storing nonce: 0001qZ_PxKE5KsIkKG266VHSCWPBfx6qeJTABrZ6h6NDC5w
2021-09-26 10:35:39,577:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-09-26 10:35:39,577:INFO:certbot._internal.auth_handler:dns-01 challenge for zoe.customtld.co.uk
2021-09-26 10:35:39,578:INFO:certbot._internal.auth_handler:dns-01 challenge for zoe.customtld.co.uk
2021-09-26 10:35:39,581:INFO:certbot.compat.misc:Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
2021-09-26 10:35:53,129:INFO:certbot.compat.misc:Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
2021-09-26 10:36:06,718:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-09-26 10:36:06,719:DEBUG:acme.client:JWS payload:
{}
2021-09-26 10:36:06,721:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451590/ZF5GkA:
{
  "protected": "eyJub25jZSI6ICIwMDAxcVpfUHhLRTVLc0lrS0cyNjZWSFNDV1BCZng2cWVKVEFCclo2aDZOREM1dyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMzQ1MzA0NTE1OTAvWkY1R2tBIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzIxNTI5OTE5MCIsICJhbGciOiAiUlMyNTYifQ", 
  "payload": "e30", 
  "signature": "Rvb747pU8aJbmLBPaiLcFD8UneqbF0j4rTeRkuA-bUU3Vuy1Lfp0MMEdqt2aUHn2tmqW-jfXn8qok3F-H3wpF9SLU46KLGEpAJKRkAhWkKT5MjmOybmKp3_kmIFnrGOyCkeEieVYgoj6eNIo-SNv-wjZHFbcRzOr_57CyLp4hw6RSUsHaXK-gZbqFmsKRDDICmq-yzGVF-jlY1WsvuTa3aqwDhPyG_w6rfI9wyW26bdCIB6EoaG9YnIPNmmIEwXbCa-hhLpyh-dDscMoFjI6ezO00HYvuckYxGcj5S3NALcTffuOTRKJu12-RLaNUf3sJkhAkvl8i8cXxuN-SbQ49w"
}
2021-09-26 10:36:06,887:DEBUG:urllib3.connectionpool:"POST /acme/chall-v3/34530451590/ZF5GkA HTTP/1.1" 200 185
2021-09-26 10:36:06,888:DEBUG:acme.client:Received response:
HTTP 200
content-length: 185
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451590>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451590/ZF5GkA
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:36:06 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001yjXent0-LjFJ9nwkfr0PEjjhma_RJFjkl5u_5BS5TJU

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451590/ZF5GkA",
  "token": "QThYCNfzjtmelQhnEufv_ozPFXGCyxuFyJ7J3IKCjZ8"
}
2021-09-26 10:36:06,888:DEBUG:acme.client:Storing nonce: 0001yjXent0-LjFJ9nwkfr0PEjjhma_RJFjkl5u_5BS5TJU
2021-09-26 10:36:06,889:DEBUG:acme.client:JWS payload:
{}
2021-09-26 10:36:06,890:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/DLx06A:
{
  "protected": "eyJub25jZSI6ICIwMDAxeWpYZW50MC1MakZKOW53a2ZyMFBFampobWFfUkpGamtsNXVfNUJTNVRKVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMzQ1MzA0NTE2MDAvREx4MDZBIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzIxNTI5OTE5MCIsICJhbGciOiAiUlMyNTYifQ", 
  "payload": "e30", 
  "signature": "eyw2rAOdQ37mMKr_5JfHw27RTGAeI_y8xcZY2fK0aEGJSBxQo7CUjdPaaMbAwOdqlbWfRkEgUlAwCqaVPqvB-fGVWsmTZVtwboEsh3o4oA9Yf2F-8-TxE5UNpfCDNHly0aue50eGlV9jfvTdFwbFb_6Sgv0levfd8iNEtzlsaxfskS4XE8lB6fXOi-6ojY_Yqm8sG26bedEbYfM_SumQe71Vo-J8V-iwuZEqYpO8ChF7eYetjGBWRq9bCSWaNJs7b4adg2K2wC-tVArPXTT8WUb0TV2kXtSUCgdQtlA25Q6eoihH2BCWenU09mNVeQc7Fh-ivr9D_NZ5z9NcV5QDqw"
}
2021-09-26 10:36:07,055:DEBUG:urllib3.connectionpool:"POST /acme/chall-v3/34530451600/DLx06A HTTP/1.1" 200 185
2021-09-26 10:36:07,056:DEBUG:acme.client:Received response:
HTTP 200
content-length: 185
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451600>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/DLx06A
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:36:06 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 00011CAbi8PonN0dzpQQ8uwRqAB9F29oMkadt9taSKHHwBE

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/DLx06A",
  "token": "BBIE9WaUm622LMtKdWuAegTROLZYLhMafJJAU8gUdZw"
}
2021-09-26 10:36:07,056:DEBUG:acme.client:Storing nonce: 00011CAbi8PonN0dzpQQ8uwRqAB9F29oMkadt9taSKHHwBE
2021-09-26 10:36:08,058:DEBUG:acme.client:JWS payload:

2021-09-26 10:36:08,061:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451590:
{
  "protected": "eyJub25jZSI6ICIwMDAxMUNBYmk4UG9uTjBkenBRUTh1d1JxQUI5RjI5b01rYWR0OXRhU0tISHdCRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzQ1MzA0NTE1OTAiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjE1Mjk5MTkwIiwgImFsZyI6ICJSUzI1NiJ9", 
  "payload": "", 
  "signature": "0T8poiYNkRteR1bhrTRBs-j-7mY-wL0F_6mZBHZ75QmyKDXvKG7amhONaeiP69RU9A7PMoQ_LcTvFFPtpCi4AFs4w7gB8DJPevzRsuK38zl24z5wpRpUXj7HpTy-fZ6g---ZPKhunRlpAIPbczeX7_J69JO3KVSgN8ZDSU0sx3PtJ_mdd3Lm_4BVjXxHX7hZPyCVGiwPlLIqzDm6vedRdq97iFwbZaYaBFzTLsX6iug9TUV0KlmoHl4MaaMeNkLE2C9tbWlQCxIOe8foVSm-FSyOFP0jIygJREq4rhylSxMP_KQdopqg1TzPU0sz9oCnXKjHPCVMsRUW8h7DPQ_7zw"
}
2021-09-26 10:36:08,211:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/34530451590 HTTP/1.1" 200 392
2021-09-26 10:36:08,212:DEBUG:acme.client:Received response:
HTTP 200
content-length: 392
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:36:08 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002SqarLW-E6EVdg4i-sQ9U2Anlq6IsF7m45PsWMNQbw1o

{
  "identifier": {
    "type": "dns",
    "value": "zoe.customtld.co.uk"
  },
  "status": "pending",
  "expires": "2021-10-03T14:35:39Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451590/ZF5GkA",
      "token": "QThYCNfzjtmelQhnEufv_ozPFXGCyxuFyJ7J3IKCjZ8"
    }
  ],
  "wildcard": true
}
2021-09-26 10:36:08,212:DEBUG:acme.client:Storing nonce: 0002SqarLW-E6EVdg4i-sQ9U2Anlq6IsF7m45PsWMNQbw1o
2021-09-26 10:36:08,213:DEBUG:acme.client:JWS payload:

2021-09-26 10:36:08,215:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451600:
{
  "protected": "eyJub25jZSI6ICIwMDAyU3FhckxXLUU2RVZkZzRpLXNROVUyQW5scTZJc0Y3bTQ1UHNXTU5RYncxbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzQ1MzA0NTE2MDAiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjE1Mjk5MTkwIiwgImFsZyI6ICJSUzI1NiJ9", 
  "payload": "", 
  "signature": "u2QeyRHLAi5J5zzDVqQNb3lzNJcNDjFcLDqlMjf4ryTGZ6PCR7OhKMDJk0eRPeF-cUuBH5f42XvzA-rpHgBb0nt7LEcsqXrSBUiu_r01sEsFnPX2gQtXs5vN_9PlcvRkw_ZWieOtziN1BagO248XAoynjOrdPDbPipWwlApNxDsNCfFgqpfQ1KBo_1fBTnUQCuvI3z307tMiTqUc9Ah-hiKMF6k8Bg9PB6g5bLNa2UtQIsZJG_uromv1UxpdVONIDgtt0DvM9df0BrXNXHXiVWtxaBbXKELMzuune14XDRDwr4yl0Th28ApjreQThf3kP6v7AqQp7fGbPfc8dmAWiQ"
}
2021-09-26 10:36:08,365:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/34530451600 HTTP/1.1" 200 512
2021-09-26 10:36:08,366:DEBUG:acme.client:Received response:
HTTP 200
content-length: 512
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:36:08 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002d-dTVS_sVWMM5CUAvXLAeoMajazsJEG0lt_vRJe3iDw

{
  "identifier": {
    "type": "dns",
    "value": "zoe.customtld.co.uk"
  },
  "status": "valid",
  "expires": "2021-10-26T14:36:07Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/DLx06A",
      "token": "BBIE9WaUm622LMtKdWuAegTROLZYLhMafJJAU8gUdZw",
      "validationRecord": [
        {
          "hostname": "zoe.customtld.co.uk"
        }
      ],
      "validated": "2021-09-26T14:36:06Z"
    }
  ]
}
2021-09-26 10:36:08,366:DEBUG:acme.client:Storing nonce: 0002d-dTVS_sVWMM5CUAvXLAeoMajazsJEG0lt_vRJe3iDw
2021-09-26 10:36:11,370:DEBUG:acme.client:JWS payload:

2021-09-26 10:36:11,373:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451590:
{
  "protected": "eyJub25jZSI6ICIwMDAyZC1kVFZTX3NWV01NNUNVQXZYTEFlb01hamF6c0pFRzBsdF92UkplM2lEdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzQ1MzA0NTE1OTAiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjE1Mjk5MTkwIiwgImFsZyI6ICJSUzI1NiJ9", 
  "payload": "", 
  "signature": "lpCGVTj9uiyRKoC8zwuu-iprspRp40EL9Md6OT-Vrc8_n_fuw7VgElaV5ZPyKczuU7NzThmDprscRQNBGTYycnM7VZkjxcX92cjflMExTyMeZzv9rwxVDYUi0tjoKTrXXjYGqhrdPbz08yc8IeG7zs-3W-ta3cdRtEH3YJQCCOQQg2ohkAXVoO6i8HSNzyX0IHMd7PMRIkNu9Te7VARZks2BGz1ZnUqPHKfTgLHygCSBL7ZNvB1MgDOnNOHdQe-7is92Lj_1gxfVoznvuMZI50yR5Zj1W4IaDMQzRpLs__SrUWYV6sjpAZpDynK9mgr2dffvvWAGbFCQAnHPWfHsrQ"
}
2021-09-26 10:36:11,524:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/34530451590 HTTP/1.1" 200 677
2021-09-26 10:36:11,525:DEBUG:acme.client:Received response:
HTTP 200
content-length: 677
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:36:11 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001CNKxqP0-W2MUVuQ61SJBWatvdbR1K9E_g0YaZYdxZzk

{
  "identifier": {
    "type": "dns",
    "value": "zoe.customtld.co.uk"
  },
  "status": "invalid",
  "expires": "2021-10-03T14:35:39Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Incorrect TXT record \"qqtO2hMAOOsjtBtXkUu85XhWDM3-MdFSRmN_lbNuOn0\" found at _acme-challenge.zoe.customtld.co.uk",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451590/ZF5GkA",
      "token": "QThYCNfzjtmelQhnEufv_ozPFXGCyxuFyJ7J3IKCjZ8",
      "validated": "2021-09-26T14:36:06Z"
    }
  ],
  "wildcard": true
}
2021-09-26 10:36:11,525:DEBUG:acme.client:Storing nonce: 0001CNKxqP0-W2MUVuQ61SJBWatvdbR1K9E_g0YaZYdxZzk
2021-09-26 10:36:11,526:WARNING:certbot._internal.auth_handler:Challenge failed for domain zoe.customtld.co.uk
2021-09-26 10:36:11,526:INFO:certbot._internal.auth_handler:dns-01 challenge for zoe.customtld.co.uk
2021-09-26 10:36:11,527:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: zoe.customtld.co.uk
Type:   unauthorized
Detail: Incorrect TXT record "qqtO2hMAOOsjtBtXkUu85XhWDM3-MdFSRmN_lbNuOn0" found at _acme-challenge.zoe.customtld.co.uk

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2021-09-26 10:36:11,527:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.

2021-09-26 10:36:11,527:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-09-26 10:36:11,527:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-09-26 10:36:11,528:INFO:certbot.compat.misc:Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
2021-09-26 10:36:15,068:INFO:certbot.compat.misc:Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
2021-09-26 10:36:18,645:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 9, in <module>
    load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1421, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1294, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 135, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 441, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.
2021-09-26 10:36:18,646:ERROR:certbot._internal.log:Some challenges have failed.

My suspicion was the zonefile wasn’t being updated for DNS based requests, but I didn’t have BIND logging enabled as thought it was by default. I’ve subsequently obtained individual certs for each domain using HTTP validation.

Is there any issue with Certbot’s ability to create DNS records for the dns-01 method? Does the challenge-response creation logic fail when you’re requesting a certificate including a domain which isn’t the ‘current’ domain/zone?

Should I still be able to request a cert containing multiple domains (i.e. “domain1.com, mail.domain1.com, domain2.com”) by specifying them in the request form field? I would have expected that to work with DNS verification.

Cheers,
Chris

Hit the character limit on the first post.

Here’s a request log for a cert covering l04.shelladdress.co.uk, *.l04.shelladdress.co.uk, zoe.customtld.co.uk which also failed:

2021-09-26 10:35:37,927:DEBUG:certbot._internal.main:certbot version: 1.11.0
2021-09-26 10:35:37,927:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/letsencrypt
2021-09-26 10:35:37,927:DEBUG:certbot._internal.main:Arguments: ['--manual', '-d', 'zoe.customtld.co.uk', '-d', '*.zoe.customtld.co.uk', '--preferred-challenges=dns', '--manual-auth-hook', '/etc/webmin/webmin/letsencrypt-dns.pl', '--manual-cleanup-hook', '/etc/webmin/webmin/letsencrypt-cleanup.pl', '--duplicate', '--force-renewal', '--non-interactive', '--agree-tos', '--config', '/tmp/.webmin/655625_15493_2_letsencrypt.cgi', '--rsa-key-size', '2048', '--cert-name', 'zoe.customtld.co.uk']
2021-09-26 10:35:37,927:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-09-26 10:35:37,957:DEBUG:certbot._internal.log:Root logging level set at 20
2021-09-26 10:35:37,957:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-09-26 10:35:37,958:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2021-09-26 10:35:37,960:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot._internal.plugins.manual:Authenticator
Initialized: <certbot._internal.plugins.manual.Authenticator object at 0x7f59c4a608d0>
Prep: True
2021-09-26 10:35:37,960:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0x7f59c4a608d0> and installer None
2021-09-26 10:35:37,960:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
2021-09-26 10:35:37,993:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u'https://acme-v02.api.letsencrypt.org/acme/acct/215299190', new_authzr_uri=None, terms_of_service=None), aa7278a4ef534dc63f1ebc96dee8ac4f, Meta(creation_host=u'l04.shelladdress.co.uk', register_to_eff=None, creation_dt=datetime.datetime(2021, 9, 26, 9, 3, 45, tzinfo=<UTC>)))>
2021-09-26 10:35:38,001:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-09-26 10:35:38,014:INFO:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-09-26 10:35:38,591:DEBUG:urllib3.connectionpool:"GET /directory HTTP/1.1" 200 658
2021-09-26 10:35:38,592:DEBUG:acme.client:Received response:
HTTP 200
content-length: 658
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
cache-control: public, max-age=0, no-cache
date: Sun, 26 Sep 2021 14:35:38 GMT
x-frame-options: DENY
content-type: application/json

{
  "dERvKRW81aA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-09-26 10:35:38,593:DEBUG:certbot.display.util:Notifying user: Requesting a certificate for zoe.customtld.co.uk and *.zoe.customtld.co.uk
2021-09-26 10:35:38,912:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0017_key-certbot.pem
2021-09-26 10:35:38,914:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0017_csr-certbot.pem
2021-09-26 10:35:38,915:DEBUG:acme.client:Requesting fresh nonce
2021-09-26 10:35:38,915:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-09-26 10:35:39,058:DEBUG:urllib3.connectionpool:"HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-09-26 10:35:39,059:DEBUG:acme.client:Received response:
HTTP 200
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
cache-control: public, max-age=0, no-cache
date: Sun, 26 Sep 2021 14:35:38 GMT
x-frame-options: DENY
replay-nonce: 0001fNhgn9-VO1Tonm5VMteJRcASbjpIfXH_Cv82yt5MD0c


2021-09-26 10:35:39,059:DEBUG:acme.client:Storing nonce: 0001fNhgn9-VO1Tonm5VMteJRcASbjpIfXH_Cv82yt5MD0c
2021-09-26 10:35:39,060:DEBUG:acme.client:JWS payload:
{
  "identifiers": [
    {
      "type": "dns", 
      "value": "zoe.customtld.co.uk"
    }, 
    {
      "type": "dns", 
      "value": "*.zoe.customtld.co.uk"
    }
  ]
}
2021-09-26 10:35:39,062:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJub25jZSI6ICIwMDAxZk5oZ245LVZPMVRvbm01Vk10ZUpSY0FTYmpwSWZYSF9DdjgyeXQ1TUQwYyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzIxNTI5OTE5MCIsICJhbGciOiAiUlMyNTYifQ", 
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJ6b2UuY3VzdG9tdGxkLmNvLnVrIgogICAgfSwgCiAgICB7CiAgICAgICJ0eXBlIjogImRucyIsIAogICAgICAidmFsdWUiOiAiKi56b2UuY3VzdG9tdGxkLmNvLnVrIgogICAgfQogIF0KfQ", 
  "signature": "DrcbII6UKdRwfyHSaAOAGrCt8YL12RDbDqQYpv6e2NeaRSjKLpN6FHi9V6Q2q5w9NkE98pd1CEQnKqi_xuHCCXgN0zvxT31j2CFD4aAM4phsGpczF9WbIrjxgM7vQ5c1d7gy9zpBCyRAJgeMG5VgxcA6Xfpy5kJwdRCz0gIAdZHLNQdDWa9w8CYQAxsXkm8VTW-zqhjrDT0KDwjSqbhUC5e6Pd_rtua_HAmwCs9G_YMSN6jZxGJ0z_2-4wFG4wyr15BJzLduFFapWLRiIJfHpGkuRlWvQdCRprcrxGp6fHTLUoB5IQdh9tXZaoRkTLOsjzsh_t3MICELVahwsRLXpw"
}
2021-09-26 10:35:39,274:DEBUG:urllib3.connectionpool:"POST /acme/new-order HTTP/1.1" 201 485
2021-09-26 10:35:39,274:DEBUG:acme.client:Received response:
HTTP 201
content-length: 485
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/215299190/27363014680
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:35:39 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001JiEsylgeBlSeflVP3TJ1HRDw_aVc0W8B9AMbFSNvJl4

{
  "status": "pending",
  "expires": "2021-10-03T14:35:39Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.zoe.customtld.co.uk"
    },
    {
      "type": "dns",
      "value": "zoe.customtld.co.uk"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451590",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451600"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/215299190/27363014680"
}
2021-09-26 10:35:39,275:DEBUG:acme.client:Storing nonce: 0001JiEsylgeBlSeflVP3TJ1HRDw_aVc0W8B9AMbFSNvJl4
2021-09-26 10:35:39,275:DEBUG:acme.client:JWS payload:

2021-09-26 10:35:39,277:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451590:
{
  "protected": "eyJub25jZSI6ICIwMDAxSmlFc3lsZ2VCbFNlZmxWUDNUSjFIUkR3X2FWYzBXOEI5QU1iRlNOdkpsNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzQ1MzA0NTE1OTAiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjE1Mjk5MTkwIiwgImFsZyI6ICJSUzI1NiJ9", 
  "payload": "", 
  "signature": "xVRMY83kY9ZDA1DhwphEIi7IPbza3SIMaFbIrILGrVsYAKGzgBB09u7zatXBD9chSV3_6O51qnM42wTQAFBie8fwzYd826mHyBNhVEcWIR4PcUy8bqvf3q9FGyIrndon6zolHUTTDk7lnhY61ymEnglaE51nodDBiHZ2sD8aXEKrlDv_Zw2eC87lGuazqVDkN0lMFSJ5WJYeROXzwzHEZXYEwgfrz8enp6egh4b76P6ODehj5Npj0vAh_Xlglzntz9kMHuSwQxCyV3DRIVCSy6ZUtlP05ArqAFHrfzX2aA2gYaXsP3zXDaBtmuuiKtbsRpiATXssBKIeyvtFxLL4hg"
}
2021-09-26 10:35:39,424:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/34530451590 HTTP/1.1" 200 392
2021-09-26 10:35:39,425:DEBUG:acme.client:Received response:
HTTP 200
content-length: 392
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:35:39 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 00018FN8oxueTqdRUc7wfrnpIJYbxXezCT-nPa-wth7oxSU

{
  "identifier": {
    "type": "dns",
    "value": "zoe.customtld.co.uk"
  },
  "status": "pending",
  "expires": "2021-10-03T14:35:39Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451590/ZF5GkA",
      "token": "QThYCNfzjtmelQhnEufv_ozPFXGCyxuFyJ7J3IKCjZ8"
    }
  ],
  "wildcard": true
}
2021-09-26 10:35:39,425:DEBUG:acme.client:Storing nonce: 00018FN8oxueTqdRUc7wfrnpIJYbxXezCT-nPa-wth7oxSU
2021-09-26 10:35:39,426:DEBUG:acme.client:JWS payload:

2021-09-26 10:35:39,428:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451600:
{
  "protected": "eyJub25jZSI6ICIwMDAxOEZOOG94dWVUcWRSVWM3d2ZybnBJSllieFhlekNULW5QYS13dGg3b3hTVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzQ1MzA0NTE2MDAiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjE1Mjk5MTkwIiwgImFsZyI6ICJSUzI1NiJ9", 
  "payload": "", 
  "signature": "PfFIN-OwH522SUjy36tgHSEulNW6CF5Gt35Bos_o6Y8WdTUIUXU77BUUiI60gGh-yF2ZV6uwPNZ7OsS0GlF6txF3rfQQSHtUYYNSHuFYTsb7-bS-uU3lIfIZh6xA4Wtvj0t76ilEVtnq4Zl8eV1lNE-qwx0vZ-gRMTOX4xjrulcheQUPa20xhPPilYqwmrZZlg1PTZFRai7dBTtf03WwEpfNLk-pzWnex9yKo9g-aMaF0Y11vDlW6OhM3Uv9vDfQEkXDvWPzgzrAmtQ5KzFCPijoLLvvUV4zzb0G1586QJzjenUB3dcIwA0vhgMRN7edezJSsw3EQcYuRK82Kkv9JQ"
}
2021-09-26 10:35:39,576:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/34530451600 HTTP/1.1" 200 800
2021-09-26 10:35:39,576:DEBUG:acme.client:Received response:
HTTP 200
content-length: 800
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:35:39 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001qZ_PxKE5KsIkKG266VHSCWPBfx6qeJTABrZ6h6NDC5w

{
  "identifier": {
    "type": "dns",
    "value": "zoe.customtld.co.uk"
  },
  "status": "pending",
  "expires": "2021-10-03T14:35:39Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/awVJfA",
      "token": "BBIE9WaUm622LMtKdWuAegTROLZYLhMafJJAU8gUdZw"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/DLx06A",
      "token": "BBIE9WaUm622LMtKdWuAegTROLZYLhMafJJAU8gUdZw"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/jzpk5w",
      "token": "BBIE9WaUm622LMtKdWuAegTROLZYLhMafJJAU8gUdZw"
    }
  ]
}
2021-09-26 10:35:39,577:DEBUG:acme.client:Storing nonce: 0001qZ_PxKE5KsIkKG266VHSCWPBfx6qeJTABrZ6h6NDC5w
2021-09-26 10:35:39,577:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-09-26 10:35:39,577:INFO:certbot._internal.auth_handler:dns-01 challenge for zoe.customtld.co.uk
2021-09-26 10:35:39,578:INFO:certbot._internal.auth_handler:dns-01 challenge for zoe.customtld.co.uk
2021-09-26 10:35:39,581:INFO:certbot.compat.misc:Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
2021-09-26 10:35:53,129:INFO:certbot.compat.misc:Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
2021-09-26 10:36:06,718:INFO:certbot._internal.auth_handler:Waiting for verification...
2021-09-26 10:36:06,719:DEBUG:acme.client:JWS payload:
{}
2021-09-26 10:36:06,721:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451590/ZF5GkA:
{
  "protected": "eyJub25jZSI6ICIwMDAxcVpfUHhLRTVLc0lrS0cyNjZWSFNDV1BCZng2cWVKVEFCclo2aDZOREM1dyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMzQ1MzA0NTE1OTAvWkY1R2tBIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzIxNTI5OTE5MCIsICJhbGciOiAiUlMyNTYifQ", 
  "payload": "e30", 
  "signature": "Rvb747pU8aJbmLBPaiLcFD8UneqbF0j4rTeRkuA-bUU3Vuy1Lfp0MMEdqt2aUHn2tmqW-jfXn8qok3F-H3wpF9SLU46KLGEpAJKRkAhWkKT5MjmOybmKp3_kmIFnrGOyCkeEieVYgoj6eNIo-SNv-wjZHFbcRzOr_57CyLp4hw6RSUsHaXK-gZbqFmsKRDDICmq-yzGVF-jlY1WsvuTa3aqwDhPyG_w6rfI9wyW26bdCIB6EoaG9YnIPNmmIEwXbCa-hhLpyh-dDscMoFjI6ezO00HYvuckYxGcj5S3NALcTffuOTRKJu12-RLaNUf3sJkhAkvl8i8cXxuN-SbQ49w"
}
2021-09-26 10:36:06,887:DEBUG:urllib3.connectionpool:"POST /acme/chall-v3/34530451590/ZF5GkA HTTP/1.1" 200 185
2021-09-26 10:36:06,888:DEBUG:acme.client:Received response:
HTTP 200
content-length: 185
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451590>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451590/ZF5GkA
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:36:06 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001yjXent0-LjFJ9nwkfr0PEjjhma_RJFjkl5u_5BS5TJU

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451590/ZF5GkA",
  "token": "QThYCNfzjtmelQhnEufv_ozPFXGCyxuFyJ7J3IKCjZ8"
}
2021-09-26 10:36:06,888:DEBUG:acme.client:Storing nonce: 0001yjXent0-LjFJ9nwkfr0PEjjhma_RJFjkl5u_5BS5TJU
2021-09-26 10:36:06,889:DEBUG:acme.client:JWS payload:
{}
2021-09-26 10:36:06,890:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/DLx06A:
{
  "protected": "eyJub25jZSI6ICIwMDAxeWpYZW50MC1MakZKOW53a2ZyMFBFampobWFfUkpGamtsNXVfNUJTNVRKVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMzQ1MzA0NTE2MDAvREx4MDZBIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzIxNTI5OTE5MCIsICJhbGciOiAiUlMyNTYifQ", 
  "payload": "e30", 
  "signature": "eyw2rAOdQ37mMKr_5JfHw27RTGAeI_y8xcZY2fK0aEGJSBxQo7CUjdPaaMbAwOdqlbWfRkEgUlAwCqaVPqvB-fGVWsmTZVtwboEsh3o4oA9Yf2F-8-TxE5UNpfCDNHly0aue50eGlV9jfvTdFwbFb_6Sgv0levfd8iNEtzlsaxfskS4XE8lB6fXOi-6ojY_Yqm8sG26bedEbYfM_SumQe71Vo-J8V-iwuZEqYpO8ChF7eYetjGBWRq9bCSWaNJs7b4adg2K2wC-tVArPXTT8WUb0TV2kXtSUCgdQtlA25Q6eoihH2BCWenU09mNVeQc7Fh-ivr9D_NZ5z9NcV5QDqw"
}
2021-09-26 10:36:07,055:DEBUG:urllib3.connectionpool:"POST /acme/chall-v3/34530451600/DLx06A HTTP/1.1" 200 185
2021-09-26 10:36:07,056:DEBUG:acme.client:Received response:
HTTP 200
content-length: 185
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451600>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/DLx06A
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:36:06 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 00011CAbi8PonN0dzpQQ8uwRqAB9F29oMkadt9taSKHHwBE

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/DLx06A",
  "token": "BBIE9WaUm622LMtKdWuAegTROLZYLhMafJJAU8gUdZw"
}
2021-09-26 10:36:07,056:DEBUG:acme.client:Storing nonce: 00011CAbi8PonN0dzpQQ8uwRqAB9F29oMkadt9taSKHHwBE
2021-09-26 10:36:08,058:DEBUG:acme.client:JWS payload:

2021-09-26 10:36:08,061:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451590:
{
  "protected": "eyJub25jZSI6ICIwMDAxMUNBYmk4UG9uTjBkenBRUTh1d1JxQUI5RjI5b01rYWR0OXRhU0tISHdCRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzQ1MzA0NTE1OTAiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjE1Mjk5MTkwIiwgImFsZyI6ICJSUzI1NiJ9", 
  "payload": "", 
  "signature": "0T8poiYNkRteR1bhrTRBs-j-7mY-wL0F_6mZBHZ75QmyKDXvKG7amhONaeiP69RU9A7PMoQ_LcTvFFPtpCi4AFs4w7gB8DJPevzRsuK38zl24z5wpRpUXj7HpTy-fZ6g---ZPKhunRlpAIPbczeX7_J69JO3KVSgN8ZDSU0sx3PtJ_mdd3Lm_4BVjXxHX7hZPyCVGiwPlLIqzDm6vedRdq97iFwbZaYaBFzTLsX6iug9TUV0KlmoHl4MaaMeNkLE2C9tbWlQCxIOe8foVSm-FSyOFP0jIygJREq4rhylSxMP_KQdopqg1TzPU0sz9oCnXKjHPCVMsRUW8h7DPQ_7zw"
}
2021-09-26 10:36:08,211:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/34530451590 HTTP/1.1" 200 392
2021-09-26 10:36:08,212:DEBUG:acme.client:Received response:
HTTP 200
content-length: 392
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:36:08 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002SqarLW-E6EVdg4i-sQ9U2Anlq6IsF7m45PsWMNQbw1o

{
  "identifier": {
    "type": "dns",
    "value": "zoe.customtld.co.uk"
  },
  "status": "pending",
  "expires": "2021-10-03T14:35:39Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451590/ZF5GkA",
      "token": "QThYCNfzjtmelQhnEufv_ozPFXGCyxuFyJ7J3IKCjZ8"
    }
  ],
  "wildcard": true
}
2021-09-26 10:36:08,212:DEBUG:acme.client:Storing nonce: 0002SqarLW-E6EVdg4i-sQ9U2Anlq6IsF7m45PsWMNQbw1o
2021-09-26 10:36:08,213:DEBUG:acme.client:JWS payload:

2021-09-26 10:36:08,215:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451600:
{
  "protected": "eyJub25jZSI6ICIwMDAyU3FhckxXLUU2RVZkZzRpLXNROVUyQW5scTZJc0Y3bTQ1UHNXTU5RYncxbyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzQ1MzA0NTE2MDAiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjE1Mjk5MTkwIiwgImFsZyI6ICJSUzI1NiJ9", 
  "payload": "", 
  "signature": "u2QeyRHLAi5J5zzDVqQNb3lzNJcNDjFcLDqlMjf4ryTGZ6PCR7OhKMDJk0eRPeF-cUuBH5f42XvzA-rpHgBb0nt7LEcsqXrSBUiu_r01sEsFnPX2gQtXs5vN_9PlcvRkw_ZWieOtziN1BagO248XAoynjOrdPDbPipWwlApNxDsNCfFgqpfQ1KBo_1fBTnUQCuvI3z307tMiTqUc9Ah-hiKMF6k8Bg9PB6g5bLNa2UtQIsZJG_uromv1UxpdVONIDgtt0DvM9df0BrXNXHXiVWtxaBbXKELMzuune14XDRDwr4yl0Th28ApjreQThf3kP6v7AqQp7fGbPfc8dmAWiQ"
}
2021-09-26 10:36:08,365:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/34530451600 HTTP/1.1" 200 512
2021-09-26 10:36:08,366:DEBUG:acme.client:Received response:
HTTP 200
content-length: 512
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:36:08 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002d-dTVS_sVWMM5CUAvXLAeoMajazsJEG0lt_vRJe3iDw

{
  "identifier": {
    "type": "dns",
    "value": "zoe.customtld.co.uk"
  },
  "status": "valid",
  "expires": "2021-10-26T14:36:07Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "valid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451600/DLx06A",
      "token": "BBIE9WaUm622LMtKdWuAegTROLZYLhMafJJAU8gUdZw",
      "validationRecord": [
        {
          "hostname": "zoe.customtld.co.uk"
        }
      ],
      "validated": "2021-09-26T14:36:06Z"
    }
  ]
}
2021-09-26 10:36:08,366:DEBUG:acme.client:Storing nonce: 0002d-dTVS_sVWMM5CUAvXLAeoMajazsJEG0lt_vRJe3iDw
2021-09-26 10:36:11,370:DEBUG:acme.client:JWS payload:

2021-09-26 10:36:11,373:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/34530451590:
{
  "protected": "eyJub25jZSI6ICIwMDAyZC1kVFZTX3NWV01NNUNVQXZYTEFlb01hamF6c0pFRzBsdF92UkplM2lEdyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMzQ1MzA0NTE1OTAiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjE1Mjk5MTkwIiwgImFsZyI6ICJSUzI1NiJ9", 
  "payload": "", 
  "signature": "lpCGVTj9uiyRKoC8zwuu-iprspRp40EL9Md6OT-Vrc8_n_fuw7VgElaV5ZPyKczuU7NzThmDprscRQNBGTYycnM7VZkjxcX92cjflMExTyMeZzv9rwxVDYUi0tjoKTrXXjYGqhrdPbz08yc8IeG7zs-3W-ta3cdRtEH3YJQCCOQQg2ohkAXVoO6i8HSNzyX0IHMd7PMRIkNu9Te7VARZks2BGz1ZnUqPHKfTgLHygCSBL7ZNvB1MgDOnNOHdQe-7is92Lj_1gxfVoznvuMZI50yR5Zj1W4IaDMQzRpLs__SrUWYV6sjpAZpDynK9mgr2dffvvWAGbFCQAnHPWfHsrQ"
}
2021-09-26 10:36:11,524:DEBUG:urllib3.connectionpool:"POST /acme/authz-v3/34530451590 HTTP/1.1" 200 677
2021-09-26 10:36:11,525:DEBUG:acme.client:Received response:
HTTP 200
content-length: 677
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
boulder-requester: 215299190
date: Sun, 26 Sep 2021 14:36:11 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001CNKxqP0-W2MUVuQ61SJBWatvdbR1K9E_g0YaZYdxZzk

{
  "identifier": {
    "type": "dns",
    "value": "zoe.customtld.co.uk"
  },
  "status": "invalid",
  "expires": "2021-10-03T14:35:39Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Incorrect TXT record \"qqtO2hMAOOsjtBtXkUu85XhWDM3-MdFSRmN_lbNuOn0\" found at _acme-challenge.zoe.customtld.co.uk",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/34530451590/ZF5GkA",
      "token": "QThYCNfzjtmelQhnEufv_ozPFXGCyxuFyJ7J3IKCjZ8",
      "validated": "2021-09-26T14:36:06Z"
    }
  ],
  "wildcard": true
}
2021-09-26 10:36:11,525:DEBUG:acme.client:Storing nonce: 0001CNKxqP0-W2MUVuQ61SJBWatvdbR1K9E_g0YaZYdxZzk
2021-09-26 10:36:11,526:WARNING:certbot._internal.auth_handler:Challenge failed for domain zoe.customtld.co.uk
2021-09-26 10:36:11,526:INFO:certbot._internal.auth_handler:dns-01 challenge for zoe.customtld.co.uk
2021-09-26 10:36:11,527:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: zoe.customtld.co.uk
Type:   unauthorized
Detail: Incorrect TXT record "qqtO2hMAOOsjtBtXkUu85XhWDM3-MdFSRmN_lbNuOn0" found at _acme-challenge.zoe.customtld.co.uk

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2021-09-26 10:36:11,527:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.

2021-09-26 10:36:11,527:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-09-26 10:36:11,527:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-09-26 10:36:11,528:INFO:certbot.compat.misc:Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
2021-09-26 10:36:15,068:INFO:certbot.compat.misc:Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
2021-09-26 10:36:18,645:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 9, in <module>
    load_entry_point('certbot==1.11.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1421, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 1294, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/main.py", line 135, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 441, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.
2021-09-26 10:36:18,646:ERROR:certbot._internal.log:Some challenges have failed.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.