Hi guys,
This may be a noob question, but I'm trying to set up a wildcard for my domain. When simply doing a standard SSL renew or request new, it's fine, but if I click add wildcard I get this error. I have used mysite instead of my domain.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for mysite.com and *.mysite.com
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: mysite.com
Type: unauthorized
Detail: Incorrect TXT record “v=spf1 include:mailgun.org ~all” found at _acme-challenge.mysite.com
Hint: The Certificate Authority failed to verify the DNS TXT records created by the --manual-auth-hook. Ensure that this hook is functioning correctly and that it waits a sufficient duration of time for DNS propagation. Refer to “certbot --help manual” and the Certbot User Guide.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Please put this in the simplest way; I know you're all pretty 3lite. Thanks in advance. Oh, and my DNS is via GoDaddy.
That’s an incoherent TXT record for _acme-challenge. That’s an SPF record, which has nothing to do with ACME.
Virtualmin can only request a wildcard certificate from Let’s Encrypt if it is managing your DNS, whether locally or via a cloud service.
It believes it is managing your DNS, or it wouldn’t have offered to request a wildcard, but the fact that it fails and the fact that the TXT record on _acme-challenge is seemingly a copy/paste error, leads me to believe you’re actually hosting your DNS somewhere outside of the control of Virtualmin. Thus, you cannot get a wildcard certificate using Virtualmin, and you should configure Virtualmin so that it doesn’t believe it is managing your DNS by disabling the DNS Feature in Features and Plugins (you’ll have to turn off DNS for all the domains that have it enabled, first).
You don’t put it anywhere. You cannot get a wildcard certificate with Virtualmin if Virtualmin is not managing your DNS.
You can manually create a wildcard with certbot, but you’ll also have to renew it manually, because to automate it the tool (whether certbot or Virtualmin) needs to be able to modify the TXT record for the _acme-challenge name in your zone.
But you can’t on a Virtualmin system, as Joe explained to you, except if you allow VM to handle the DNS. If you use VM DNS then just tick the wildcard in the SSL provider section. No need to add records.
But, just don’t use a wildcard. There are very few reasons to use a wildcard.
You can use web validation to get as many certs as you want, and you can verify for a bunch of domains on a single cert (not unlimited, but several) as long as they’re hosted on the Virtualmin system.
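An added example, not part of the original thread and not Virtualmin or Certbot code: it shows why the CA rejected the SPF string in the error above. Under RFC 8555 section 8.4 a DNS-01 TXT value is the unpadded base64url SHA-256 digest of the key authorization, and a certificate for both mysite.com and *.mysite.com needs two such values at the same _acme-challenge name. The tokens, thumbprint and function names below are constructed for illustration.

```python
import base64
import hashlib
import re

# 32 digest bytes always encode to exactly 43 unpadded base64url characters.
DNS01_VALUE = re.compile(r"[A-Za-z0-9_-]{43}")


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """TXT value the CA expects for one challenge (RFC 8555 section 8.4)."""
    key_authorization = f"{token}.{account_thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_challenge_records(txt_records, expected_values):
    """Classify the TXT strings a resolver returned for _acme-challenge.<domain>."""
    seen = [r.strip().strip('"') for r in txt_records]
    missing = [v for v in expected_values if v not in seen]
    # Well-formed challenge values that belong to an older or different order.
    stale = [r for r in seen if DNS01_VALUE.fullmatch(r) and r not in expected_values]
    # Anything that cannot be a DNS-01 value at all (SPF, verification strings, ...).
    foreign = [r for r in seen if not DNS01_VALUE.fullmatch(r)]
    return {"ok": not missing, "missing": missing, "stale": stale, "foreign": foreign}


# Constructed sample data (assumptions, not values from the thread).
THUMBPRINT = "constructed-account-key-thumbprint"
EXPECTED = [
    dns01_txt_value("constructed-token-for-base-domain", THUMBPRINT),
    dns01_txt_value("constructed-token-for-wildcard", THUMBPRINT),
]
# What the CA saw in the thread: only an SPF record at the challenge name.
OBSERVED = ['"v=spf1 include:mailgun.org ~all"']

if __name__ == "__main__":
    result = check_challenge_records(OBSERVED, EXPECTED)
    print("validation would pass:", result["ok"])
    for value in result["foreign"]:
        print("not an ACME value:", value)
    for value in result["missing"]:
        print("expected but absent:", value)
```
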