Question

Letsencrypt : DNS challenges failed. Incorrect TXT record

My domain is: iskalar.com certbot 0.31.0

I ran this command:

sudo certbot certonly --manual -d *.iskalar.com -d iskalar.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

Output:

Please deploy a DNS TXT record under the name
_acme-challenge.iskalar.com with the following value:

VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ

Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)

Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. iskalar.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record “VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ” found at _acme-challenge.iskalar.com

**I deployed the DNS TXT value and hit enter. **

IMPORTANT NOTES:

The following errors were reported by the server:
Domain: iskalar.com
Type: unauthorized
Detail: Incorrect TXT record
“VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ” found at
_acme-challenge.iskalar.com

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.

**NSlookup give the same value. **

$ nslookup -q=txt _acme-challenge.iskalar.com ns1.digitalocean.com
Server: ns1.digitalocean.com
Address: 173.245.58.51#53

_acme-challenge.iskalar.com text = “VF2OMqNtJBL8K2uOFx_gjSDdVioQeIwoCMcqiN3-qEQ”

What should I do to make it work. Can i re run the command. Do I need to delete any files. before re running the command?

Show comments

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

This comment has been deleted

    A solution that worked for me!

    Increase the propagation seconds to 60 or 120 seconds. For my particular use case, as I was using Cloudflare, the following config got the job done!

    --dns-cloudflare-propagation-seconds 60 (default is 10 seconds)
    
    Bobby Iliev
    Site Moderator
    Site Moderator badge
    July 2, 2022

    Thank you tzoiker! Increasing the --dns-digitalocean-propagation-seconds parameter to 120 seconds solved the problem on my end too!

    Try DigitalOcean for free

    Click below to sign up and get $200 of credit to try our products over 60 days!

    Sign up

    Become a contributor for community

    Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

    DigitalOcean Documentation

    Full documentation for every DigitalOcean product.

    Resources for startups and SMBs

    The Wave has everything you need to know about building a business, from raising funding to marketing your product.

    Get our newsletter

    Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

    New accounts only. By submitting your email you agree to our Privacy Policy

    The developer cloud

    Scale up as you grow — whether you're running one virtual machine or ten thousand.

    Get started for free

    Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

    *This promotional offer applies to new accounts only.