Question
Letsencrypt : DNS challenges failed. Incorrect TXT record
- Posted on June 22, 2020
- Let's EncryptNginx
Asked by sakthidasan
My domain is: iskalar.com certbot 0.31.0
I ran this command:
sudo certbot certonly --manual -d *.iskalar.com -d iskalar.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
Output:
Please deploy a DNS TXT record under the name
_acme-challenge.iskalar.com with the following value:
VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ
Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)
Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. iskalar.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record “VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ” found at _acme-challenge.iskalar.com
**I deployed the DNS TXT value and hit enter. **
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: iskalar.com
Type: unauthorized
Detail: Incorrect TXT record
“VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ” found at
_acme-challenge.iskalar.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
**NSlookup give the same value. **
$ nslookup -q=txt _acme-challenge.iskalar.com ns1.digitalocean.com
Server: ns1.digitalocean.com
Address: 173.245.58.51#53
_acme-challenge.iskalar.com text = “VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ”
What should I do to make it work. Can i re run the command. Do I need to delete any files. before re running the command?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Get our biweekly newsletter
Sign up for Infrastructure as a Newsletter.
Hollie's Hub for Good
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Become a contributor
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
This comment has been deleted
A solution that worked for me!
Increase the propagation seconds to 60 or 120 seconds. For my particular use case, as I was using Cloudflare, the following config got the job done!
Thank you tzoiker! Increasing the
--dns-digitalocean-propagation-secondsparameter to 120 seconds solved the problem on my end too!