Failure to validate using DNS with wildcard certificate #384
Doing a manual DNS TXT record - created record with the given code but it is failing to recognise it. A single domain certificate worked fine - so seems to be an issue on wildcard domains. Log below shows the problem - in bold the code it wanted for DNS and the code it got from the check of DNS - they are the same but it still failed (this was latest 18.104.22.168 version)
(Update DNS Manually) :: Please login to your DNS control panel for the domain '*.workflowconsulting.co.uk' and create a new TXT record named:
2018-11-16 15:03:09.275 +00:00 [INF] Created ACME Order: https://acme-v02.api.letsencrypt.org/acme/order/45911767/177406928
In the case of a cert for a domain wildcard + the domain itself, the instructions should tell you to create two values for the same record (this is a quirk of Let's Encrypt). So you need to add both values to the TXT record (not just one) for the validation to complete cleanly.
As a workaround, validation status is remembered by Let's Encrypt so if you can only supply one value then you can supply one, then repeat the certificate request and supply the other (the second attempt will then succeed).
Note that manual DNS is the hardest DNS option and using a supported API is much much easier (cloudflare is free/inexpensive and particularly easy).
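To make the quirk above concrete, here is an added example (not code from Certify the Web or Let's Encrypt) showing why a wildcard plus the bare domain need two values at one TXT name, and a pre-check you can run against the TXT strings your resolver returns before asking the CA to validate. The identifiers, tokens and account thumbprint are constructed placeholders; the value derivation follows RFC 8555 section 8.4.

```python
import base64
import hashlib
from collections import defaultdict


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """RFC 8555 s8.4: TXT value = base64url(SHA-256(token '.' thumbprint)), unpadded."""
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def challenge_record_name(identifier: str) -> str:
    """'*.example.com' and 'example.com' are both validated at the SAME record name."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base.rstrip('.')}"


def required_txt_records(challenges, account_thumbprint):
    """Map each TXT record name to the full set of values it must carry.

    challenges: iterable of (identifier, token) pairs taken from the ACME order.
    A wildcard + apex order collapses to one name holding two values.
    """
    required = defaultdict(set)
    for identifier, token in challenges:
        name = challenge_record_name(identifier)
        required[name].add(dns01_txt_value(token, account_thumbprint))
    return dict(required)


def missing_txt_values(required, published):
    """Compare what the order needs with what DNS actually serves.

    published: {record_name: [txt strings returned by the resolver]}.
    Returns {record_name: set(values still missing)}; empty means ready to validate.
    """
    missing = {}
    for name, values in required.items():
        gap = values - set(published.get(name, []))
        if gap:
            missing[name] = gap
    return missing


if __name__ == "__main__":
    # Constructed order: wildcard and apex for the same zone, two separate tokens.
    order = [("*.example.com", "token-for-wildcard"), ("example.com", "token-for-apex")]
    thumbprint = "constructed-account-thumbprint"
    need = required_txt_records(order, thumbprint)
    # Publishing only one of the two values reproduces the failure in this issue.
    one_only = {n: [sorted(v)[0]] for n, v in need.items()}
    print("still missing:", missing_txt_values(need, one_only))
```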
Thanks for the response - for my sins in an earlier life am using 1&1 for the domain so it isn't that easy to control the DNS. I assume (perhaps incorrectly) that once the DNS TXT token has been setup renewals will use the same value.
Anyway - I seem to have got it working - seems that you need to make sure the wildcard cert also has a "real" address - so say www.xyz.co.uk and *.xyz.co.uk - and when you do that it seems if you make the "real" one the first in the list then it works OK. Hope that helps anyone else who encounters this.