Wildcard certificate - Challenge failed

Hello Everyone!

I have been trying to install a site with a wildcard from Let's Encrypt for over a week now with no luck!
I tried all possible solutions but nothing is working.

The error is:

Warning: Challenge Authorization failed. Check logs and check if your domain is pointed correctly to this server.
Re-run `ee site ssl riding.in.th` after fixing the issue.
Warning: Failed to verify SSL: Challenge failed (response: {"type":"dns-01","status":"pending","url":"https:\/\/acme-v02.api.letsencrypt.org\/acme\/challenge\/PmyCYffxoVDNGpMzJfwgbO4JSWm17xG-HOZvZKB3NII\/11263307518","token":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"}).
Warning: Check logs and retry `ee site ssl riding.in.th` once the issue is resolved.

I have made sure that the DNS TXT entries are exact: no luck.
I disabled the nginx-proxy redirect file: no luck.
I tried to search the logs: I can’t seem to find logs for LE.
I tried to remove all old certificates and the authorization_challenge.json: no luck.

I am running EE v4.0.9, Ubuntu 16.04.5, Digital Ocean.

Please help!

The DNS challenge should have 2 TXT entries.

Did you manage to fix this? I got this problem too.

Unfortunately no, I had to switch to another system and am not using EE anymore.

Thank you for your answer.

I’ve got the same issue,
hunting for a solution myself.
Any update?

But when I run the host command to check my TXT value on my domain, the info is there.

Thing is, I wonder if I copied it wrong.

How do we find the TXT value again? I can’t see it in the logs…

root@x1:/opt/easyengine/logs# ee site ssl xxx.io 
Starting SSL verification.
Warning: Failed to verify SSL: Can not validate challenge for domain xx.io
Warning: Check logs and retry `ee site ssl xx.io` once the issue is resolved.

Are you making these DNS changes on DO or your domain registrar? I made the mistake of making the TXT updates on my registrar rather than on DO.

This is so bad that it is not fixed, I tried the challenges from first again… not fixed.

I was able to update ssl for the first time and left it the same way and when it expired, it says

Starting SSL verification.
Warning: Failed to verify SSL: Can not validate challenge for domain xyz.com
Warning: Check logs and retry ee site ssl xyz.com once the issue is resolved.

I have the same problem, is there any news?

Checked this again and can confirm wildcard does not work. This should not be marketed as a feature on the main page if it doesn’t work.

Checked the TXT record with an nslookup on my Windows PC - that’s OK and shows the values.
On my VPS with the host -t txt command it does not confirm a valid txt entry:
_acme-challenge.mydomain.com has no TXT record

Can anyone confirm this issue?
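
The two checks raised in this thread (a wildcard plus base-domain order needs two TXT values under the same `_acme-challenge` name, and every nameserver queried has to actually serve them) can be run offline against saved `host -t txt` output. This is an added example, not part of any post and not EasyEngine code; the tokens, account-key thumbprint, server names and `host` outputs are constructed, and the TXT value is derived as RFC 8555 section 8.4 specifies.

```python
import base64
import hashlib

TXT_MARKER = " descriptive text "  # wording `host -t txt` prints before each TXT string


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.4: unpadded base64url of SHA-256(token + "." + thumbprint)."""
    digest = hashlib.sha256(f"{token}.{thumbprint}".encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def parse_host_txt(output: str) -> set:
    """Collect TXT strings from `host -t txt` output; "has no TXT record" yields none."""
    values = set()
    for line in output.splitlines():
        if TXT_MARKER in line:
            values.add(line.split(TXT_MARKER, 1)[1].strip().strip('"'))
    return values


def missing_per_server(expected: set, answers: dict) -> dict:
    """For each queried server, the expected TXT values it does not serve."""
    return {server: expected - parse_host_txt(out) for server, out in answers.items()}


# Constructed sample data: tokens, thumbprint, server names and outputs are made up.
THUMBPRINT = "constructed-account-key-thumbprint"
EXPECTED = {
    dns01_txt_value("constructed-token-wildcard", THUMBPRINT),  # for *.example.com
    dns01_txt_value("constructed-token-apex", THUMBPRINT),      # for example.com
}
NAME = "_acme-challenge.example.com"
BOTH = "\n".join(f'{NAME} descriptive text "{v}"' for v in sorted(EXPECTED))
ANSWERS = {
    "ns1.dns-host.example": BOTH,                    # serves both records
    "ns2.dns-host.example": BOTH.splitlines()[0],    # only one of the two records
    "local-resolver": f"{NAME} has no TXT record",   # same wording as quoted in the thread
}

if __name__ == "__main__":
    for server, missing in missing_per_server(EXPECTED, ANSWERS).items():
        print(server, "OK" if not missing else f"missing {len(missing)} value(s)")
```

To use it on a real domain, replace each entry in `ANSWERS` with the output of `host -t txt _acme-challenge.<domain> <nameserver>` for every nameserver in the domain's NS delegation.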