-1

I'm trying to renew my LetsEncrypt certificate on my Raspberry Pi running apache2, but I seem to get an error when CertBot tries to generate the certificate.

    Expected sha256 a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3
             Got        6162f1c328e42d9bd4e74ca234a575748f199e40f56d5ec3204d55cd130cfd7e

I've tried manually running it by updating my DNS records on my domain, but I seem to get this error:

    Failed authorization procedure. theflyingrat.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.theflyingrat.com

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: theflyingrat.com
       Type:   None
       Detail: DNS problem: NXDOMAIN looking up TXT for
       _acme-challenge.theflyingrat.com

If I can, I want to be able to know how to install a wildcard certificate, but that also gives me errors. I've tried the --certonly parameter on a Raspberry Pi Zero to hopefully give me the certificate there so I can migrate it over to my main Pi Server, but that (as you guessed) also gives me the SAME errors.

Thanks in advance. P.S. The (non-wildcard) certificate expired yesterday, so a fast response would be greatly appreciated.

Thanks, Rat (Joey)

Joey M
  • "NXDOMAIN looking up TXT for _acme-challenge.theflyingrat.com" means that you did not publish the TXT record in the DNS as certbot asked you to do. Until you do that, no certificate renewal will be possible. – Patrick Mevzek Jun 30 '19 at 03:17
  • "certificate expired yesterday" and why did you wait? there is no sense waiting for the last time, you should start renewing your certificates automatically 30 days before expiration. – Patrick Mevzek Jun 30 '19 at 03:18
  • @PatrickMevzek I've added the TXT record, but still after 10 minutes, it still produces that error. – Joey M Jun 30 '19 at 03:51
  • Just advice: I think it's better to create a new certificate than renew if it has a problem. – Muhammad Dyas Yaskur Jun 30 '19 at 05:41
  • @MuhammadDyasYaskur how it is better? The validation process is exactly the same in both cases... – Patrick Mevzek Jun 30 '19 at 22:00
  • "I've added the TXT record", no because even the authoritative nameservers on your zone do not publish it. So the record has not been added to the zone; Consult your DNS provider help/support to understand why. – Patrick Mevzek Jun 30 '19 at 22:10
  • you can choose another validation method. – Muhammad Dyas Yaskur Jul 01 '19 at 03:19
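
The comments above say the authoritative nameservers were not publishing the TXT record. As an added example (not part of the original thread), this script asks each authoritative nameserver directly for the `_acme-challenge` TXT record before certbot is run again. It assumes `dig` is installed and that the name passed is the zone apex or a wildcard of it; the function name `check_acme_txt` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: verify the dns-01 TXT record on every
# authoritative nameserver before asking the CA to validate.
# Usage: ./check_acme_txt.sh example.com [expected-txt-value]
# Assumption: the argument is the zone apex (or "*.apex" for a wildcard).

check_acme_txt() {
    # A wildcard name is validated at its base domain, so strip a leading "*."
    domain="${1#\*.}"
    expected="${2:-}"
    name="_acme-challenge.${domain}"
    failed=0

    nservers=$(dig +short NS "$domain")
    if [ -z "$nservers" ]; then
        echo "no NS records found for $domain (is it the zone apex?)" >&2
        return 2
    fi

    for ns in $nservers; do
        # Query the nameserver itself so resolver caching cannot hide the state
        answer=$(dig +short TXT "$name" "@${ns}" | tr -d '"')
        if [ -z "$answer" ]; then
            # This is the state the CA reports as NXDOMAIN / no TXT record
            echo "MISSING  $ns has no TXT at $name"
            failed=1
        elif [ -n "$expected" ] &&
             ! printf '%s\n' "$answer" | grep -qxF -- "$expected"; then
            # A record exists but holds a stale or mistyped challenge value
            echo "MISMATCH $ns publishes: $answer"
            failed=1
        else
            echo "OK       $ns publishes: $answer"
        fi
    done
    return "$failed"
}

# Run only when arguments are supplied, so the file can also be sourced
if [ "$#" -gt 0 ]; then
    check_acme_txt "$@"
fi
```

A non-zero exit status means at least one nameserver would fail validation, so the record should be fixed at the DNS provider before certbot is retried.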

1 Answer

0

It seems the problem got fixed because I ran this command:

    sudo certbot certonly --webroot

Turns out I needed the --webroot parameter.

Sorry about the trouble,

-Rat (Joey)

Joey M