Requesting a certificate from Let's Encrypt .. .. request failed : DNS-based validation failed

SYSTEM INFORMATION

OS type and version: CentOS Linux 7.9.2009
Webmin version: 1.994
Virtualmin version: 7.1
Related products version: Apache 2.4.6
Related products version: BIND 9.11

Hello all.
I was trying to configure email from the VPS to work via GMail, unsuccessfully. After a couple of adjustments the email server was able to pass the diagnostics of MXToolBox and intoDNS. Then I realized that the first time I requested the Let’s Encrypt certificate, I missed mail.mydomain.com. So I requested the certificate again via Virtualmin, including mail.mydomain.com, but it failed with this error:

Requesting a certificate for mydomain.com *.mydomain.com from Let’s Encrypt …
… request failed : DNS-based validation failed

Following several posts on the topic I:
1.- added an A record for the server host
2.- added in .htaccess:
RewriteCond %{HTTP_HOST} =www.mydomain.com
RewriteRule ^(.*) https://mydomain.com/ [R=301,L]

But I still get:

Requesting a certificate for mydomain.com *.mydomain.com from Let’s Encrypt …
… request failed : DNS-based validation failed

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for mydomain.com
Cleaning up challenges
Encountered exception during recovery: 
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/error_handler.py", line 125, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 243, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/plugins/manual.py", line 182, in cleanup
    env = self.env.pop(achall)
KeyError: KeyAuthorizationAnnotatedChallenge(challb=ChallengeBody(chall=DNS01(token=';\xc1o\x02\x7f\x17@\n$\x95sM\x93w\xbaW\xf3\xea\x1d\xa7\xa4z\x829\xc2\x07\xad{\x1bz\xdeI'), status=Status(pending), uri=u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/167233517872/f_8zqQ', validated=None, _url=u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/167233517872/f_8zqQ', error=None), domain=u'mydomain.com', account_key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey object at 0x7fa19b7caad0>)>))
Missing command line flag or config entry for this setting:
NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that.

Are you OK with your IP being logged?

(You can set this with the --manual-public-ip-logging-ok flag

Any Idea to find a solution?
Thanks and regards
joejac

@joejac,

Explain what you mean by “via Gmail”.

*** Professional, Affordable, Trusted Technical Assistance – tpnAssist.com ***

Hello @tpnsolutions. It is using GMail to send and receive from other email accounts, as explained in this article; I get the error while configuring “Send mail as”.

Any idea?
Thanks and regards
joejac

You are requesting a wildcard certificate.

With a normal cert Let’s Encrypt tests if you really own the domain name by placing and reading a little file on the website.

With a wildcard cert Let’s Encrypt checks the request by looking for a TXT record with the name: _acme-challenge.domain.com

This error has nothing to do with Gmail, but with you requesting a wildcard and not having the needed DNS record.

I thought the error was pretty clear:

“… request failed : DNS-based validation failed”

more info here

and here

regards
Jan

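To make Jan's point concrete, here is an added example (my own script, not from this thread, Virtualmin or Certbot). For a DNS-01 challenge the ACME server looks up `_acme-challenge.<domain>` (the same name for `mydomain.com` and `*.mydomain.com`) and expects a TXT value derived from the challenge token and the account key's JWK thumbprint (RFC 8555 section 8.4, RFC 7638). The script computes that value and checks a `dig +short TXT` output for it, so you can verify the record is live before retrying the request. The JWK, token and dig output below are constructed sample values.

```python
import base64
import hashlib
import json
import shlex

ACME_LABEL = "_acme-challenge"


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def challenge_name(domain: str) -> str:
    """A wildcard name is validated at the base name: *.d.com -> _acme-challenge.d.com."""
    base = domain[2:] if domain.startswith("*.") else domain
    return f"{ACME_LABEL}.{base}"


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: only the required public members, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y"), "oct": ("k", "kty")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """TXT payload = base64url(SHA-256(token '.' thumbprint)) (RFC 8555 section 8.4)."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("utf-8")).digest())


def parse_dig_short_txt(output: str) -> list:
    """Parse `dig +short TXT` output: one record per line, made of quoted strings to join."""
    records = []
    for line in output.splitlines():
        if line.strip():
            records.append("".join(shlex.split(line)))
    return records


def challenge_record_present(dig_output: str, token: str, thumbprint: str) -> bool:
    """True if one of the published TXT records matches the expected challenge value."""
    return dns01_txt_value(token, thumbprint) in parse_dig_short_txt(dig_output)


if __name__ == "__main__":
    jwk = {"kty": "RSA", "n": "constructed-modulus", "e": "AQAB"}  # constructed sample key
    token = "constructed-token"                                     # constructed sample token
    expected = dns01_txt_value(token, jwk_thumbprint(jwk))
    # Constructed stand-in for: dig +short TXT _acme-challenge.mydomain.com
    sample_dig = f'"v=spf1 -all"\n"{expected}"\n'
    print(challenge_name("*.mydomain.com"), "should contain:", expected)
    print("present:", challenge_record_present(sample_dig, token, jwk_thumbprint(jwk)))
```

Replace the constructed dig output with the real `dig +short TXT _acme-challenge.mydomain.com` result and the token/thumbprint from your ACME client to check a live record; if it is absent, the request fails exactly as in the log above.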
