And here is the letsencrypt.log if it’s of any help:
2019-11-23 14:20:00,952:DEBUG:certbot.main:certbot version: 0.39.0
2019-11-23 14:20:00,952:DEBUG:certbot.main:Arguments: [’–manual’, ‘-d’, ‘.mydomain.com’, ‘–preferred-challenges=dns’, ‘–manual-auth-hook’, ‘/etc/webmin/webmin/letsencrypt-dns.pl’, ‘–manual-cleanup-hook’, ‘/etc/webmin/webmin/letsencrypt-cleanup.pl’, ‘–duplicate’, ‘–force-renewal’, ‘–manual-public-ip-logging-ok’, ‘–config’, ‘/tmp/.webmin/894685_10770_2_letsencrypt.cgi’, ‘–rsa-key-size’, ‘2048’, ‘–cert-name’, '.mydomain.com’]
2019-11-23 14:20:00,952:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2019-11-23 14:20:00,968:DEBUG:certbot.log:Root logging level set at 20
2019-11-23 14:20:00,968:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2019-11-23 14:20:00,969:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer None
2019-11-23 14:20:00,970:DEBUG:certbot.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot.plugins.manual:Authenticator
Initialized: <certbot.plugins.manual.Authenticator object at 0x7f93d258b890>
Prep: True
2019-11-23 14:20:00,970:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.manual.Authenticator object at 0x7f93d258b890> and installer None
2019-11-23 14:20:00,970:INFO:certbot.plugins.selection:Plugins selected: Authenticator manual, Installer None
2019-11-23 14:20:00,992:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u’https://acme-v02.api.letsencrypt.org/acme/acct/72375123’, new_authzr_uri=None, terms_of_service=None), 91f5d54f15cb24d7c5b2c0016c4ed042, Meta(creation_host=u’ns1.mynameserver.com’, creation_dt=datetime.datetime(2019, 11, 23, 10, 18, 39, tzinfo=)))>
2019-11-23 14:20:00,998:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2019-11-23 14:20:01,003:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2019-11-23 14:20:01,644:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 658
2019-11-23 14:20:01,645:DEBUG:acme.client:Received response:
HTTP 200
content-length: 658
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
cache-control: public, max-age=0, no-cache
date: Sat, 23 Nov 2019 14:20:01 GMT
x-frame-options: DENY
content-type: application/json
{
“2igNuAgelHk”: “https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org”
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert”
}
2019-11-23 14:20:01,646:INFO:certbot.main:Obtaining a new certificate
2019-11-23 14:20:01,836:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0012_key-certbot.pem
2019-11-23 14:20:01,839:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0012_csr-certbot.pem
2019-11-23 14:20:01,840:DEBUG:acme.client:Requesting fresh nonce
2019-11-23 14:20:01,840:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2019-11-23 14:20:02,001:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-nonce HTTP/1.1” 200 0
2019-11-23 14:20:02,002:DEBUG:acme.client:Received response:
HTTP 200
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
cache-control: public, max-age=0, no-cache
date: Sat, 23 Nov 2019 14:20:01 GMT
x-frame-options: DENY
replay-nonce: 0001R9eVJmc8MJ3AGfSxegbItnSm_3OcrwN_GV9GtSUz7r8
2019-11-23 14:20:02,002:DEBUG:acme.client:Storing nonce: 0001R9eVJmc8MJ3AGfSxegbItnSm_3OcrwN_GV9GtSUz7r8
2019-11-23 14:20:02,003:DEBUG:acme.client:JWS payload:
{
“identifiers”: [
{
“type”: “dns”,
“value”: “*.mydomain.com”
}
]
}
2019-11-23 14:20:02,005:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJub25jZSI6ICIwMDAxUjllVkptYzhNSjNBR2ZTeGVnYkl0blNtXzNPY3J3Tl9HVjlHdFNVejdyOCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzcyMzc1MTIzIiwgImFsZyI6ICJSUzI1NiJ9”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICIqLnN0ZXZpYWRvbWFpbi5jb20iCiAgICB9CiAgXQp9”,
“signature”: “ulIdSJ-fJqAaN9BUhMCVYYliGd3x5AMAm853kn0NOTeGT4YFrVlDILoyrCPfQs1rnCOjP1-bnfAHLydddhNWalYrgt5hmj_48jis6cx4KDF02PRhgNap2XYXagywMcdzuMnBIZhwsk57na33xf9omuK6hnZ2RBndx-Pa0jyiqb38mmmRwZIah837995vb4_d_KwGVkgxjvIzMIrRLKhRTs3W9dCr5aZKsxlXmaL7JEu8CQdYysCIEvMTnii5w0RG-XgdMdGo40Vv88ctg8ED38OuVG5Msu054WSkPm-K2j3iEXPIim0cekz9PfIjp6xCUnAJKllwQU3f-vemmwIKBw”
}
2019-11-23 14:20:02,392:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-order HTTP/1.1” 201 348
2019-11-23 14:20:02,392:DEBUG:acme.client:Received response:
HTTP 201
content-length: 348
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
location: https://acme-v02.api.letsencrypt.org/acme/order/72375123/1581229425
boulder-requester: 72375123
date: Sat, 23 Nov 2019 14:20:02 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002N6m0uTFYzhQuSGsEWR7Y5YLOn4IKQxpVPqrtS9KCJ4g
{
“status”: “pending”,
“expires”: “2019-11-30T14:20:02.231114763Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “*.mydomain.com”
}
],
“authorizations”: [
“https://acme-v02.api.letsencrypt.org/acme/authz-v3/1370765971”
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/72375123/1581229425”
}
2019-11-23 14:20:02,393:DEBUG:acme.client:Storing nonce: 0002N6m0uTFYzhQuSGsEWR7Y5YLOn4IKQxpVPqrtS9KCJ4g
2019-11-23 14:20:02,393:DEBUG:acme.client:JWS payload:
2019-11-23 14:20:02,394:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/1370765971:
{
“protected”: “eyJub25jZSI6ICIwMDAyTjZtMHVURll6aFF1U0dzRVdSN1k1WUxPbjRJS1F4cFZQcXJ0UzlLQ0o0ZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTM3MDc2NTk3MSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83MjM3NTEyMyIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “f9GYPHfVfpJxipBxeVmmy_PgHVS7xpFK48W3HURY8Fswo4y1gp8vZCYbIJ23BT5F88xQj3X2FVQxYaxV1dL74iXuIb_lWfWVyqgVbEc05990XPobNWJorLpIxhrRGW3CG_xXnq0aarlc31y7Iok1y1P-5PeAsmyLvwjxPy1bTauYmjQ_jA8dCMGNO27AtKUIY7lXuIMRRorD_Xft6j2WMgx7qmyM1Vs1MdXZasVtvBatvblWNtDeALIauJ0MOnOl3gmyyIkwfal7nLtqhrCTCXhB7-oFnm53L4CLdkSSR7d8OcHHCxRQ0mrfqwri9lIamCdODDsntAkq4IOYAuxJtw”
}
2019-11-23 14:20:02,717:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/authz-v3/1370765971 HTTP/1.1” 200 388
2019-11-23 14:20:02,718:DEBUG:acme.client:Received response:
HTTP 200
content-length: 388
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 72375123
date: Sat, 23 Nov 2019 14:20:02 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002gPFihLTnsJ2-Yprgpn1Fwfl6wGliWloRF-FICbzl6Rs
{
“identifier”: {
“type”: “dns”,
“value”: “mydomain.com”
},
“status”: “pending”,
“expires”: “2019-11-30T14:20:02Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/1370765971/9cRC5g”,
“token”: “TdqDZ4dH7KWGRGgQfj7sT-ixzD-fJkRGFtBK8g_Rhic”
}
],
“wildcard”: true
}
2019-11-23 14:20:02,718:DEBUG:acme.client:Storing nonce: 0002gPFihLTnsJ2-Yprgpn1Fwfl6wGliWloRF-FICbzl6Rs
2019-11-23 14:20:02,719:INFO:certbot.auth_handler:Performing the following challenges:
2019-11-23 14:20:02,719:INFO:certbot.auth_handler:dns-01 challenge for mydomain.com
2019-11-23 14:20:02,723:INFO:certbot.hooks:Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
2019-11-23 14:20:15,986:INFO:certbot.auth_handler:Waiting for verification…
2019-11-23 14:20:15,987:DEBUG:acme.client:JWS payload:
{
“type”: “dns-01”,
“resource”: “challenge”
}
2019-11-23 14:20:15,990:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/1370765971/9cRC5g:
{
“protected”: “eyJub25jZSI6ICIwMDAyZ1BGaWhMVG5zSjItWXByZ3BuMUZ3Zmw2d0dsaVdsb1JGLUZJQ2J6bDZScyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMTM3MDc2NTk3MS85Y1JDNWciLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNzIzNzUxMjMiLCAiYWxnIjogIlJTMjU2In0”,
“payload”: “ewogICJ0eXBlIjogImRucy0wMSIsIAogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiCn0”,
“signature”: “nHR-QZZX4D9Q1WZ03uePLScm75IKISTrL48dqHYeInZo1GsXnDDipArGug7imBqWHyjS8l-u-TIhRy5KSqJgmiksB2836uO5AwEfUrbTuCugNHenlfjXzKOm4sQYCuWy1n3YPHLQSj8MtG9qt8gh5rlgsYQel8yLsxrQS0tXYHn4dSDFRGUerjvEWmhFrXN2U45yqeLUWQmxeRHcs-wN_ZDB5XN1vMVE555k0qVa3SRfMaiBd0gtHvKp6GbJO6f0C_RoOPFksZnSHWnjQISfKE5f2VNG1_2bSCP36o7Ts1bD0u_isGGYrkdAVkhQuQ2TVSVUDYBLjUvq4QRIIBlDug”
}
2019-11-23 14:20:16,285:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/chall-v3/1370765971/9cRC5g HTTP/1.1” 200 184
2019-11-23 14:20:16,287:DEBUG:acme.client:Received response:
HTTP 200
content-length: 184
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-v02.api.letsencrypt.org/acme/authz-v3/1370765971;rel=“up”
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/1370765971/9cRC5g
boulder-requester: 72375123
date: Sat, 23 Nov 2019 14:20:16 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0001F-Bh63pyygwrdV_MAzLAc6885CTGPPRRHb5IoUGrE64
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/1370765971/9cRC5g”,
“token”: “TdqDZ4dH7KWGRGgQfj7sT-ixzD-fJkRGFtBK8g_Rhic”
}
2019-11-23 14:20:16,288:DEBUG:acme.client:Storing nonce: 0001F-Bh63pyygwrdV_MAzLAc6885CTGPPRRHb5IoUGrE64
2019-11-23 14:20:17,290:DEBUG:acme.client:JWS payload:
2019-11-23 14:20:17,294:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/1370765971:
{
“protected”: “eyJub25jZSI6ICIwMDAxRi1CaDYzcHl5Z3dyZFZfTUF6TEFjNjg4NUNUR1BQUlJIYjVJb1VHckU2NCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMTM3MDc2NTk3MSIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC83MjM3NTEyMyIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “bHLdMGuUS2uz3SX3UXHXl02fOEmuGMDW4JswGUuRXm9lk3SPWI3JDQ5pitBRQg8jMP6P9fwzuPla-BNOjUvr8uNYKDLZR8codTOzJ0xmi44hP1_NLr3YgSRA9-AhCFlSZxpu4mMdhZkaNDCOjtVAgYmR9XZmg2SH7KG9Ih90FYDEIjxS6oj3ydrbvddGfn-C46_Br28F3_860M_l5ZpZAaBefJ-MPAAKCCSmynRY68ta-EOX7u9zw8rGm12KffZwioaj5dPqVLZpzNH1MCqoNbB0bM19ufWhe1nU8nUSN603JZQetfOR5h7ETVnUQnXOhyB1ZTNrRDYUyY1KgaYbTg”
}
2019-11-23 14:20:17,471:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/authz-v3/1370765971 HTTP/1.1” 200 581
2019-11-23 14:20:17,472:DEBUG:acme.client:Received response:
HTTP 200
content-length: 581
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 72375123
date: Sat, 23 Nov 2019 14:20:17 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 00010hOfdpBmwKBNB3rVFcSAf9IJuKNd0zCvoQ6beohL3og
{
“identifier”: {
“type”: “dns”,
“value”: “mydomain.com”
},
“status”: “invalid”,
“expires”: “2019-11-30T14:20:02Z”,
“challenges”: [
{
“type”: “dns-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:dns”,
“detail”: “DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mydomain.com”,
“status”: 400
},
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/1370765971/9cRC5g”,
“token”: “TdqDZ4dH7KWGRGgQfj7sT-ixzD-fJkRGFtBK8g_Rhic”
}
],
“wildcard”: true
}
2019-11-23 14:20:17,473:DEBUG:acme.client:Storing nonce: 00010hOfdpBmwKBNB3rVFcSAf9IJuKNd0zCvoQ6beohL3og
2019-11-23 14:20:17,473:WARNING:certbot.auth_handler:Challenge failed for domain mydomain.com
2019-11-23 14:20:17,473:INFO:certbot.auth_handler:dns-01 challenge for mydomain.com
2019-11-23 14:20:17,474:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: mydomain.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mydomain.com
2019-11-23 14:20:17,474:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 154, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.
2019-11-23 14:20:17,474:DEBUG:certbot.error_handler:Calling registered functions
2019-11-23 14:20:17,474:INFO:certbot.auth_handler:Cleaning up challenges
2019-11-23 14:20:17,475:INFO:certbot.hooks:Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
2019-11-23 14:20:20,749:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/bin/letsencrypt”, line 9, in
load_entry_point(‘certbot==0.39.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1378, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1265, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 405, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 384, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 154, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.