I am trying to add a wildcard domain to an nginx server using certbot, running the following command
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns --installer nginx -d photoss.co.in -d *.photoss.co.in
I got the message
Please deploy a DNS TXT record under the name
_acme-challenge.photoss.co.in with the following value:
tXKNeJ2OIWdsDa3Lxnj5fSVXqX5u4ko38ceHd6Pbs
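So I entered a TXT record containing the above value on the GoDaddy name server. When I continued in the terminal, another similar message appeared, so I entered another TXT record without deleting or editing the previous one, but on continuing I got the following error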
waiting for verification...
Challenge failed for domain photoss.co.in
Challenge failed for domain photoss.co.in
dns-01 challenge for photoss.co.in
dns-01 challenge for photoss.co.in
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: photoss.co.in
Type: unauthorized
Detail: No TXT record found at _acme-challenge.photoss.co.in
Domain: photoss.co.in
Type: unauthorized
Detail: No TXT record found at _acme-challenge.photoss.co.in
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
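Answer 1
When using the DNS-01 challenge, you must delete the old record, because you cannot have two records with the same hostname and pass the test.
If you fail the test but know the record is correct, you should set the lowest TTL your DNS server allows.
This is based only on my own experience: I could never pass the test without deleting the old record, and I could never pass it within the TTL of the first test.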
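A pre-check for the manual step discussed above, as an added example that is not part of the original question or answer: before pressing Enter in certbot, compare the values certbot printed with what a nameserver for the zone actually returns for `_acme-challenge.photoss.co.in`. The function names, the nameserver placeholder and the sample `dig` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify dns-01 TXT values are published before continuing.

# missing_txt_values VALUE...
# Reads `dig +short TXT <name>` output on stdin and prints every expected
# VALUE that is not among the returned TXT answers (exact match only).
missing_txt_values() {
    local answers want
    # dig prints each TXT answer on its own line, wrapped in double quotes
    answers=$(tr -d '"' | sed 's/[[:space:]]*$//')
    for want in "$@"; do
        printf '%s\n' "$answers" | grep -Fxq -- "$want" || printf '%s\n' "$want"
    done
}

# check_challenge NAME NAMESERVER VALUE...
# Queries one nameserver directly, so a cached negative answer on a
# recursive resolver (held for the record's TTL) does not hide the result.
# Returns 0 only when every VALUE is visible.
check_challenge() {
    local name=$1 ns=$2 missing
    shift 2
    missing=$(dig +short TXT "$name" "@$ns" | missing_txt_values "$@")
    if [ -n "$missing" ]; then
        printf 'not yet visible on %s:\n%s\n' "$ns" "$missing" >&2
        return 1
    fi
}

# Live use (needs network; list the zone's nameservers with
# `dig +short NS photoss.co.in` and substitute one for the placeholder):
#   check_challenge _acme-challenge.photoss.co.in <authoritative-ns> '<value from certbot>'

# Constructed sample of `dig +short TXT` output, so the parser runs offline.
SAMPLE_DIG_OUTPUT='"constructed-value-one"'

# certbot asked for two values, only one is published: the other is reported.
printf '%s\n' "$SAMPLE_DIG_OUTPUT" |
    missing_txt_values "constructed-value-one" "constructed-value-two"
```

An empty result from `missing_txt_values` means every value passed to it is already being served by the queried nameserver.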