I’m having some issues getting a new domain to work with Let’s Encrypt. I’ve added my new domain to the DuckDNS config, but when it runs it is unable to verify the new domain. It looks like it’s generating a new token for me to use to validate… but doesn’t give me a chance to add it as a TXT record before checking. I have gone and added the token, but I think at that point it’s too late. Has anyone had any luck getting this to work?
CONFIG
{
  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  },
  "token": "<DUCKDNS TOKEN>",
  "domains": [
    "mydomain.duckdns.org",
    "sd.newdomain.com"
  ],
  "seconds": 300
}
LOG
# INFO: Using main config file /data/workdir/config
+ Account already registered!
Sat Nov 10 00:47:24 CST 2018: KO
# INFO: Using main config file /data/workdir/config
Processing mydomain.duckdns.org with alternative names: sd.newdomain.com
+ Checking domain name(s) of existing cert... changed!
+ Domain name(s) are not matching!
+ Names in old certificate: mydomain.duckdns.org
+ Configured names: mydomain.duckdns.org sd.newdomain.com
+ Forcing renew.
+ Checking expire date of existing cert...
+ Valid till Jan 19 17:20:00 2019 GMT (Longer than 30 days). Ignoring because renew was forced!
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ Handling authorization for mydomain.duckdns.org
+ Found valid authorization for mydomain.duckdns.org
+ Handling authorization for sd.newdomain.com
+ 1 pending challenge(s)
+ Deploying challenge tokens...
KO + Responding to challenge for sd.newdomain.com authorization...
+ Cleaning challenge tokens...
KO + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Incorrect TXT record \"<PREVIOUS TOKEN>\" found at _acme-challenge.sd.newdomain.com",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/<RANDOM>/<RANDOM>",
"token": "<NEW TOKEN>"
})
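The following is an added example, not part of the original post or of the add-on's code. It computes the TXT value a dns-01 challenge expects (RFC 8555 section 8.4, with the RFC 7638 account-key thumbprint) and compares it with the values actually published at the `_acme-challenge` name, which is the comparison behind the "Incorrect TXT record" error in the log. The account key, both tokens and the function names are constructed for illustration.

```python
import base64
import hashlib
import json

# Constructed sample data: not a real account key or real ACME tokens.
ACCOUNT_JWK = {"kty": "RSA", "n": "constructed-modulus", "e": "AQAB"}
OLD_TOKEN = "constructed-previous-token"
NEW_TOKEN = "constructed-new-token"


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """TXT value = base64url(SHA-256(token + "." + account key thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def check_challenge_record(domain, token, account_jwk, observed_txt):
    """Compare published TXT values with what the current challenge expects.

    observed_txt is the list of TXT strings seen at the record, for example
    the output of `dig +short TXT _acme-challenge.<domain>` with quotes removed.
    """
    expected = dns01_txt_value(token, account_jwk)
    return {
        "record": f"_acme-challenge.{domain}",
        "expected": expected,
        "present": expected in observed_txt,
        "stale": [v for v in observed_txt if v != expected],
    }


if __name__ == "__main__":
    # The record still holds the value from the previous attempt.
    published = [dns01_txt_value(OLD_TOKEN, ACCOUNT_JWK)]
    result = check_challenge_record("sd.newdomain.com", NEW_TOKEN, ACCOUNT_JWK, published)
    print(json.dumps(result, indent=2))
```

Because each new challenge carries a new token, a value left in DNS from an earlier attempt never matches the next one.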