I’m trying to set up LetsEncrypt and getting stuck.
First question: Are there any coherent instructions?
In my searching I’ve found bits and pieces scattered about but nothing complete enough for me to be successful.
Second: I set up a TXT record for our domain but I don’t know how it is to be formatted. I’ve tried:
_acme-challenge.my.domain.com "v=sODSl2_6gmW6BUsqSEkLrTTkbn5FtRCoS9-V1he0uYY"
_acme-challenge.my.domain.com "sODSl2_6gmW6BUsqSEkLrTTkbn5FtRCoS9-V1he0uYY"
Neither seems to work but I don’t know which end the problem is on.
Every time I run:
dehydrated -c
the ["token"] "UywkpsWUBVBDCVCRsHrhNboUE58n_V3mI2TXySc4bxY"
is different and is never what I put in the TXT record.
Here is the failed Challenge Validation:
ERROR: Challenge is invalid! (returned: invalid) (result: [type]
dns-01
[status]
invalid
[error,type]
urn:ietf:params:acme:error:unauthorized
[error,detail]
Incorrect TXT record \sODSl2_6gmW6BUsqSEkLrTTkbn5FtRCoS9-V1he0uYY\ found at _acme-challenge.my.domain.com
[error,status]
403
[error]
{type:urn:ietf:params:acme:error:unauthorized,detail:Incorrect TXT record \sODSl2_6gmW6BUsqSEkLrTTkbn5FtRCoS9-V1he0uYY\ found at _acme-challenge.my.domain.com,status:403}
I think you first need to download the certificate using the dehydrated equivalent of certbot's certonly and --manual options, and then prepare the DNS record.
Thanks for that. It doesn’t explain what to put in the TXT record. Whatever I put in I can read with:
host -ttxt _acme-challenge.my.domain.com
and dehydrated still fails.
So I gave up on that and tried http-01 pointed at our internal server.
I created .well-known/acme-challenge and
ran "date > /web-root/.well-known/acme-challenge/test.txt"
Apache runs as wwwrun:www. The folders are so owned.
Ok. I have a work around for dns-01. I added a pause to the Deploy_Challenge function thusly:
# First %s is the domain, second is the value to paste; no comma between the arguments
printf "Copy and paste this Token to %s TXT record for: %s \n" "$DOMAIN" "$TOKEN_VALUE"
printf "Challenge is waiting for DNS to propagate. \n"
read -n 1 -r -s -p "Press any key to continue..." key
I didn’t try it but I guess if you used:
printf "Domain = %s File Name = %s Token Value = %s \n" "$DOMAIN" "$TOKEN_FILENAME" "$TOKEN_VALUE"
This should work for http-01 also.
I hope this helps somebody.
and thanks to the guys who tried to help me.
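As an added example (not the poster's hook and not part of dehydrated itself), here is a complete manual dns-01 hook script that does what the pause above does, but also prints the exact zone-file line to add and polls DNS with dig before continuing, so the "Incorrect TXT record" failure from the first post is caught locally instead of at the CA. dehydrated calls the hook as `hook deploy_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE`; the third argument is the only thing that belongs in the TXT record, with no `v=` prefix and no other text. The `"token"` field in the printed JSON is the raw challenge token, a different string that is regenerated for every order, which is why it never matched what was typed in. The helper names other than deploy_challenge and clean_challenge, the 60-second TTL, the 120-attempt poll limit, and the use of dig are my own assumptions.

```shell
#!/usr/bin/env bash
# Added example: a manual dns-01 hook for dehydrated (not the project's own hook).
# Invoked by dehydrated as:  hook.sh deploy_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE
# The TXT record value is TOKEN_VALUE (the base64url SHA-256 of the key authorization),
# never the "token" string shown in the challenge JSON.
set -u

# Build the zone-file line for a domain/value pair (TTL of 60 is an assumption).
acme_txt_record() {
    domain="$1"; value="$2"
    printf '_acme-challenge.%s. 60 IN TXT "%s"\n' "$domain" "$value"
}

# Strip the surrounding quotes that `host -t txt` / `dig +short` print around a TXT value.
strip_txt_quotes() {
    v="$1"
    v="${v#\"}"; v="${v%\"}"
    printf '%s' "$v"
}

# Return 0 when an observed TXT value (quoted or not) equals the expected token value.
txt_matches() {
    [ "$(strip_txt_quotes "$1")" = "$2" ]
}

# Poll the system resolver until the record is visible; up to $3 attempts one second apart.
# Returns 0 on success, 1 on timeout, 2 when dig is not installed.
wait_for_txt() {
    domain="$1"; value="$2"; tries="${3:-120}"
    command -v dig >/dev/null 2>&1 || return 2
    i=0
    while [ "$i" -lt "$tries" ]; do
        # dig +short prints each TXT string quoted, one per line; match the whole line exactly.
        if dig +short TXT "_acme-challenge.${domain}" | grep -qxF "\"${value}\""; then
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    return 1
}

deploy_challenge() {
    domain="$1"; token_filename="$2"; token_value="$3"
    printf 'Add this record at your DNS provider, then wait for it to propagate:\n  %s' \
        "$(acme_txt_record "$domain" "$token_value")"
    if wait_for_txt "$domain" "$token_value" 120; then
        echo "Record is visible in DNS; continuing with validation."
    else
        # No dig, or not visible yet: fall back to a manual pause (same idea as the read -n 1 above).
        printf 'Could not confirm the record automatically. Press Enter once it is live... '
        read -r _
    fi
}

clean_challenge() {
    domain="$1"; token_filename="$2"; token_value="$3"
    printf 'Validation finished; you can now remove this record:\n  %s' \
        "$(acme_txt_record "$domain" "$token_value")"
}

# Dispatch on the hook name dehydrated passes as the first argument; other hooks are ignored.
case "${1:-}" in
    deploy_challenge|clean_challenge) "$1" "$2" "$3" "$4" ;;
esac
```

Save it as an executable file and point dehydrated at it with `HOOK=/path/to/hook.sh` and `CHALLENGETYPE=dns-01` in the config (or the `-k` and `-t` command-line options), then run `dehydrated -c` as before. The poll uses the local resolver, so a cached negative answer can delay the match; the CA itself queries the zone's authoritative servers.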