I think this is self-explanatory. I redacted the domain to example.tld and the hook is stored at /path/to/hook.sh.
Command:
# certbot certonly --email "$EMAIL" --agree-tos --no-eff \
--manual --manual-auth-hook /path/to/hook.sh \
--manual-cleanup-hook /path/to/hook.sh \
--preferred-challenges dns \
-d example.tld -d *.example.tld
Results:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Requesting a certificate for example.tld and *.example.tld
Performing the following challenges:
dns-01 challenge for example.tld
dns-01 challenge for example.tld
Running manual-auth-hook command: /path/to/hook.sh
Output from manual-auth-hook command hook.sh:
Setting challenge to XXXXXXXXXXXXXXXXXXXXX ...
Waiting 120s for changes be published.
Mon 05 Apr 2021 07:30:08 PM MDT
Token published. Returning to certbot.
Running manual-auth-hook command: /path/to/hook.sh
Output from manual-auth-hook command hook.sh:
Setting challenge to YYYYYYYYYYYYYYYYYYYYY ...
Waiting 120s for changes be published.
Mon 05 Apr 2021 07:32:10 PM MDT
Token published. Returning to certbot.
Waiting for verification...
Challenge failed for domain example.tld
Challenge failed for domain example.tld
dns-01 challenge for example.tld
dns-01 challenge for example.tld
Cleaning up challenges
Running manual-cleanup-hook command: /path/to/hook.sh
Output from manual-cleanup-hook command hook.sh:
Deleting challenge XXXXXXXXXXXXXXXXXXXXX ...
Token deleted. Returning to certbot.
Running manual-cleanup-hook command: /path/to/hook.sh
Output from manual-cleanup-hook command hook.sh:
Deleting challenge YYYYYYYYYYYYYYYYYYYYY ...
Token deleted. Returning to certbot.
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: example.tld
Type: dns
Detail: DNS problem: query timed out looking up TXT for
_acme-challenge.example.tld
Domain: example.tld
Type: dns
Detail: DNS problem: query timed out looking up TXT for
_acme-challenge.example.tld
I don’t think the challenge should be happening twice. Maybe both TXT records are being set, one being overridden, and then both get checked and fail somehow.
Let me know if you need more info.
-Keith
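The situation in the post (two dns-01 challenges for the same name, because `example.tld` and `*.example.tld` both validate at `_acme-challenge.example.tld`) can be modelled without touching real DNS. The script below is an added example, not code from the post or from certbot: it uses an in-memory stand-in for the provider's TXT record set (a constructed `TxtZone`) and replays the two hook invocations using the environment variables certbot really passes to manual hooks (`CERTBOT_DOMAIN`, `CERTBOT_VALIDATION`, `CERTBOT_REMAINING_CHALLENGES`). It shows what the poster suspects: a hook that replaces the TXT record instead of adding a second value leaves only the last token visible, so the first challenge cannot validate. The server error in the post ("query timed out") is a different symptom, a nameserver that did not answer at all, which this model does not cover.

```python
"""Model of the TXT handling a certbot manual-auth-hook needs when a base
domain and its wildcard are requested together (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class TxtZone:
    """Stand-in for the DNS provider's TXT record set: name -> list of values."""
    records: dict = field(default_factory=dict)

    def add(self, name, value):
        """Add a value alongside any existing values at the same name."""
        values = self.records.setdefault(name, [])
        if value not in values:
            values.append(value)

    def replace(self, name, value):
        """Overwrite the whole record set (the behaviour that breaks dual challenges)."""
        self.records[name] = [value]

    def delete(self, name, value):
        """Remove only the given value, leaving other challenge tokens in place."""
        self.records[name] = [v for v in self.records.get(name, []) if v != value]

    def lookup(self, name):
        return list(self.records.get(name, []))


def challenge_name(domain):
    """certbot hands the hook the bare name for both example.tld and *.example.tld."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base


def should_wait(env):
    """Only sleep for propagation once the last challenge's record is in place;
    CERTBOT_REMAINING_CHALLENGES is the count certbot exports to the hook."""
    return env.get("CERTBOT_REMAINING_CHALLENGES", "0") == "0"


def auth_hook(zone, env, overwrite=False):
    """What the manual-auth-hook should do with one challenge; returns True when
    the hook should now wait for DNS propagation."""
    name = challenge_name(env["CERTBOT_DOMAIN"])
    token = env["CERTBOT_VALIDATION"]
    if overwrite:
        zone.replace(name, token)   # buggy: clobbers the other challenge
    else:
        zone.add(name, token)       # correct: both tokens coexist at one name
    return should_wait(env)


def cleanup_hook(zone, env):
    """manual-cleanup-hook: remove just this challenge's token."""
    zone.delete(challenge_name(env["CERTBOT_DOMAIN"]), env["CERTBOT_VALIDATION"])


def ca_validate(zone, name, token):
    """The CA accepts a dns-01 challenge if any TXT value at the name matches."""
    return token in zone.lookup(name)


def run_certbot_flow(zone, tokens, overwrite=False, domain="example.tld"):
    """Replay the two hook invocations seen in the log and report, per token,
    whether the CA's lookup would succeed before cleanup runs."""
    name = challenge_name(domain)
    for i, token in enumerate(tokens):
        env = {
            "CERTBOT_DOMAIN": domain,
            "CERTBOT_VALIDATION": token,
            "CERTBOT_REMAINING_CHALLENGES": str(len(tokens) - i - 1),
        }
        auth_hook(zone, env, overwrite=overwrite)
    return {token: ca_validate(zone, name, token) for token in tokens}


if __name__ == "__main__":
    # Constructed placeholder tokens standing in for the redacted X.../Y... values.
    tokens = ["X" * 21, "Y" * 21]
    print("add    :", run_certbot_flow(TxtZone(), tokens))
    print("replace:", run_certbot_flow(TxtZone(), tokens, overwrite=True))
```

A real hook can apply the same two rules: create an additional TXT value rather than updating the single record, and wait for propagation only when `CERTBOT_REMAINING_CHALLENGES` is `0`, which also halves the 120 s delay seen in the log. Before returning, querying the domain's authoritative nameservers for `_acme-challenge.example.tld` TXT and checking that every token is present would have distinguished an overwritten record from the timeout the CA actually reported.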