Failed during certbot renew

Hi,

A couple of months went by… and my LetsEncrypt certificate is due.
(swapped some paths and addresses with XX to overcome the 2 link restriction on this post…)

$ sudo certbot renew
Saving debug log to XXXXletsencrypt.log


Processing XXXcoders.dedyn.io.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate for codersXdedynXio
Performing the following challenges:
dns-01 challenge for codersXdedynXio
Running manual-auth-hook command: ./hook.sh
Output from manual-auth-hook command hook.sh:
Setting challenge to XXXXXXX …
Waiting 120s for changes be published.
Mon Mar 29 09:43:10 UTC 2021
Token published. Returning to certbot.

Error output from manual-auth-hook command hook.sh:
curl: (22) The requested URL returned error: 401
curl: (22) The requested URL returned error: 401
curl: (22) The requested URL returned error: 401

Waiting for verification…
Challenge failed for domain codersXdedynXio

dns-01 challenge for codersXdedynXio
Cleaning up challenges

Running manual-cleanup-hook command: ./hook.sh
Output from manual-cleanup-hook command hook.sh:
Deleting challenge XXXXXXX …

Token deleted. Returning to certbot.
Error output from manual-cleanup-hook command hook.sh:
curl: (22) The requested URL returned error: 401
curl: (22) The requested URL returned error: 401
curl: (22) The requested URL returned error: 401

Failed to renew certificate coders.dedyn.io with error: Some challenges have failed.


All renewals failed. The following certificates could not be renewed:
XXXXcodersXdedynXioXfullchainXpem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:
    Domain: coders.dedyn.io
    Type: unauthorized
    Detail: No TXT record found at _acme-challengeXcodersXdedynXio
    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

Hi David,

Error 401 means that you are not using a valid authentication token. The deSEC authentication token for the Let’s Encrypt DNS challenge should be the same as your dynDNS update password.

Please double-check your configuration, and also verify that your authentication can be used as an update password. If the problem persists (which would be surprising), please let us know!

Stay secure,
Peter

Indeed this was the problem and I will use this space to elaborate:
The DEDYN_TOKEN in the .dedynauth file was set to a different token than the one I was using to perform DNS updates.
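
An added example, not part of the original posts and not deSEC's hook script: a pre-flight check that reads DEDYN_TOKEN from .dedynauth and asks the deSEC API whether it is accepted, so a 401 surfaces before certbot starts a challenge instead of after the hook has printed "Token published". The DEDYN_NAME key, the API base URL and the `Authorization: Token` header are assumptions about the deSEC setup, not taken from this thread.

```shell
#!/bin/sh
# Pre-flight check: is the token in .dedynauth accepted by deSEC?
# Assumed, not from the thread: the DEDYN_NAME key, the API base URL and
# the "Authorization: Token ..." header.
DESEC_API="https://desec.io/api/v1"

# Read KEY=value from the auth file without sourcing (executing) it.
read_setting() {  # usage: read_setting KEY FILE
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d "\"'\r"
}

# Print only the HTTP status code. The header is fed to curl on stdin
# (-K -) so the token does not show up in the process list.
http_status() {  # usage: http_status TOKEN DOMAIN
    printf 'header = "Authorization: Token %s"\n' "$1" |
        curl -sS -K - -o /dev/null -w '%{http_code}' "$DESEC_API/domains/$2/"
}

# Returns 0 = accepted, 1 = rejected, 2 = bad auth file, 3 = anything else.
check_dedyn_token() {  # usage: check_dedyn_token [AUTHFILE]
    authfile=${1:-.dedynauth}
    [ -r "$authfile" ] || { echo "cannot read $authfile" >&2; return 2; }
    token=$(read_setting DEDYN_TOKEN "$authfile")
    name=$(read_setting DEDYN_NAME "$authfile")
    if [ -z "$token" ] || [ -z "$name" ]; then
        echo "DEDYN_TOKEN or DEDYN_NAME missing in $authfile" >&2
        return 2
    fi
    status=$(http_status "$token" "$name")
    case $status in
        200) echo "token accepted for $name"; return 0 ;;
        401) echo "401: DEDYN_TOKEN is not a valid deSEC token" >&2; return 1 ;;
        403|404) echo "$status: request for $name refused," \
                      "check DEDYN_NAME and token permissions" >&2; return 1 ;;
        *)   echo "unexpected HTTP status $status" >&2; return 3 ;;
    esac
}

# Usage: check_dedyn_token ./.dedynauth && sudo certbot renew
```
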

The hook script is now deprecated and the deSEC certbot plugin has been released. To request certificates from Let’s Encrypt for deSEC-hosted domains, please use the certbot plugin.