Requesting a certificate from Let's Encrypt .. .. request failed : DNS-based validation failed


OS type and version: CentOS Linux 7.9.2009
Webmin version: 1.994
Virtualmin version: 7.1
Related products version: Apache 2.4.6
Related products version: BIND 9.11

Hello all.
I was trying to configure an email from the VPS to work via GMail, unsuccessfully. After a couple of adjustments, the email server was able to pass the diagnostics of MXToolBox and intoDNS. Then I realized that the first time I requested the Let’s Encrypt certificate, I missed the So I requested the certificate again via Virtualmin, including but it failed with this error:

Requesting a certificate for * from Let’s Encrypt …
… request failed : DNS-based validation failed

Following several posts on the topic, I:
1.- added an A record for the server host
2.- added in .htaccess:
RewriteCond %{HTTP_HOST}
RewriteRule ^(.*) [R=301,L]

But I still get:

Requesting a certificate for * from Let’s Encrypt …
… request failed : DNS-based validation failed

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1):
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for
Cleaning up challenges
Encountered exception during recovery: 
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/_internal/", line 125, in _call_registered
  File "/usr/lib/python2.7/site-packages/certbot/_internal/", line 243, in _cleanup_challenges
  File "/usr/lib/python2.7/site-packages/certbot/_internal/plugins/", line 182, in cleanup
    env = self.env.pop(achall)
KeyError: KeyAuthorizationAnnotatedChallenge(challb=ChallengeBody(chall=DNS01(token=';\xc1o\x02\x7f\x17@\n$\x95sM\x93w\xbaW\xf3\xea\x1d\xa7\xa4z\x829\xc2\x07\xad{\x1bz\xdeI'), status=Status(pending), uri=u'', validated=None, _url=u'', error=None), domain=u'', account_key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey object at 0x7fa19b7caad0>)>))
Missing command line flag or config entry for this setting:
NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that.

Are you OK with your IP being logged?

(You can set this with the --manual-public-ip-logging-ok flag

Any idea how to find a solution?
Thanks and regards


Explain what you mean “via Gmail”.


Hello @tpnsolutions. It is using GMail to send and receive from other email accounts, as explained in this article. I get the error while configuring “Send mail as”.

Any idea?
Thanks and regards

You are requesting a wildcard certificate.

With a normal cert, Let’s Encrypt tests whether you really own the domain name by placing and reading a little file on the website.

With a wildcard cert, Let’s Encrypt checks the request by looking for a TXT record with the name:

This error has nothing to do with Gmail, but with you requesting a wildcard and not having the needed DNS record.

I thought the error was pretty clear:

“… request failed : DNS-based validation failed”

more info here

and here


