Question

Letsencrypt : DNS challenges failed. Incorrect TXT record

My domain is: iskalar.com certbot 0.31.0

I ran this command:

```
sudo certbot certonly --manual -d *.iskalar.com -d iskalar.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
```

Output:

```
Please deploy a DNS TXT record under the name
_acme-challenge.iskalar.com with the following value:

VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ

Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)

Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. iskalar.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ" found at _acme-challenge.iskalar.com
```

**I deployed the DNS TXT value and hit enter.**

```
IMPORTANT NOTES:

The following errors were reported by the server:
Domain: iskalar.com
Type: unauthorized
Detail: Incorrect TXT record
"VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ" found at
_acme-challenge.iskalar.com

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
```

**NSlookup gives the same value.**

```
$ nslookup -q=txt _acme-challenge.iskalar.com ns1.digitalocean.com
Server: ns1.digitalocean.com
Address: 173.245.58.51#53

_acme-challenge.iskalar.com text = "VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ"
```

What should I do to make it work? Can I re-run the command? Do I need to delete any files before re-running the command?


Not sure that helps, but I had the same problem using the certbot-dns-digitalocean plugin. Increasing the --dns-digitalocean-propagation-seconds parameter to 120 seconds solved the problem.

@tzoiker’s answer worked for me (thank you!)

Except 120 seconds wasn’t enough for me. It still failed after two minutes. I had to increase it to 500 seconds and it worked.
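
An added example, not part of the original thread: instead of guessing a propagation delay, this shell sketch asks each authoritative nameserver directly and reports ready only when every one serves every TXT value certbot requested (two values when both `*.iskalar.com` and `iskalar.com` are on the certificate). It uses `dig` rather than the `nslookup` shown in the question; the function names, polling interval and second sample value are assumptions.

```shell
#!/bin/sh
# Added example: confirm every authoritative nameserver serves every TXT value
# certbot asked for before pressing Enter. Assumes dig is installed.

# missing_txt ANSWER VALUE...
# ANSWER is the output of `dig +short TXT name @ns` (one quoted string per line).
# Prints each expected VALUE that is absent; returns 0 only if none is missing.
missing_txt() {
    answer=$1; shift
    rc=0
    for want in "$@"; do
        # -x whole line, -F literal; "--" because base64url values may start with "-"
        if ! printf '%s\n' "$answer" | tr -d '"' | grep -qxF -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# wait_for_txt NAME VALUE...
# Asks each nameserver of the zone directly, bypassing resolver caches, every
# 30 s for up to 10 minutes. Assumes NAME is _acme-challenge.<zone apex>.
wait_for_txt() {
    name=$1; shift
    nameservers=$(dig +short NS "${name#_acme-challenge.}")
    [ -n "$nameservers" ] || return 2      # NS lookup failed: cannot decide
    tries=0
    while [ "$tries" -lt 20 ]; do
        pending=0
        for ns in $nameservers; do
            ans=$(dig +short TXT "$name" "@$ns")
            missing_txt "$ans" "$@" >/dev/null || pending=1
        done
        [ "$pending" -eq 0 ] && return 0
        tries=$((tries + 1))
        sleep 30
    done
    return 1
}

# Constructed sample: a nameserver that holds only one of the two values,
# as when one record was replaced instead of a second one being added.
sample='"VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ"'
missing_txt "$sample" "VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ" \
    "constructed-second-value" >/dev/null || echo "not ready: a value is missing"
```

Call `wait_for_txt _acme-challenge.iskalar.com VALUE1 VALUE2` with the values certbot printed, and press Enter only after it returns 0.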

