Authentication DNS - says TXT record is wrong, but matches with what it advised

First time here.

Have set certifytheweb up and set to do DNS authorization. I have created the TXT record as advised, and double checked the logs where it tells me

(Update DNS Manually) :: Please login to your DNS control panel for the domain ‘mydomain.xyz’ and create a new TXT record named:
_acme-challenge.mydomain.xyz
with the value:
agOPbMM5iFhTVJ0oeAvOPPDv_mtz1fYUCs90qV7FE_A

(replaced my actual domain with mydomain.xyz for this post).

I waited a bit for the DNS to filter through, and then tried to authorize it. It fails, and gives me this in the logs.

2018-08-22 14:56:57.177 +01:00 [INF] Incorrect TXT record “agOPbMM5iFhTVJ0oeAvOPPDv_mtz1fYUCs90qV7FE_A” found at _acme-challenge.mydomain.xyz
2018-08-22 14:56:59.843 +01:00 [INF] Validation of the required challenges did not complete successfully. Incorrect TXT record “agOPbMM5iFhTVJ0oeAvOPPDv_mtz1fYUCs90qV7FE_A” found at _acme-challenge.mydomain.xyz
2018-08-22 14:56:59.844 +01:00 [INF] Validation of the required challenges did not complete successfully. Incorrect TXT record “agOPbMM5iFhTVJ0oeAvOPPDv_mtz1fYUCs90qV7FE_A” found at _acme-challenge.mydomain.xyz

I’ve double checked but cannot see what is wrong here. It picks up the TXT record ok, and the value looks exactly the same (I copied and pasted from both places to be sure).

Hi, are you requesting a cert for a single domain or a wildcard (or both)?

Assume you are on latest v4.0.8? If so, just as an experiment can you try re-adding your contact under Settings - internally that creates a new account with Let’s Encrypt and updates the key associated with your account.

I am using 4.0.8.0, just installed a couple of days ago.

I just managed to get it to work. I noticed when I was setting it up before, that the domain I wanted the cert for on IIS wasn’t in the dropdown menu, because I’d just set it up in IIS. So I had specified it manually before. Maybe this affected it? I did re-add my contact, but that didn’t fix the issue, so I think the key for me was closing it and restarting it so I could select my domain from the dropdown. Maybe this pulls some info across that isn’t there if you just type the domain in.

Thanks for your help, I did test this a few months back but we couldn’t use it as that project needed wildcard certs. I see you support those now too, so may well look at putting this onto that project at the next renewal.

I’m having the same problem (Windows Server 2016). I could select my site from the dropdown list tho.
Trying to add a wildcard cert with DNS auth. Tried it multiple times and I am sure that I am adding the correct DNS records.

Edit: Re-adding contact fixed my issues 🙂

@TFMvdBroek were you upgrading from an older version or was this a first time install of the app?

I suspect you were having this issue with a wildcard cert because it matches exactly what I was seeing - I have put my solution here Wildcard Failing dns-01 Acme Challenge - it is just a matter of having things in the correct order. I’d be interested if that is how your cert setup ended up because I don’t think the contact had anything to do with it.

I can’t recall now.

But I did find issues with the DNS authentication more recently when I was forced to use it for a wildcard cert. The only way I got that to work in the end was to use the Cloudflare API support and hook it up to certifytheweb, so it basically creates the DNS records it wants itself. I wasn’t sure the free Cloudflare product would support that, but it does. I assume if there is an issue putting things in a certain order, that it ends up doing it the right way because it takes care of it itself.
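
Background for the replies about re-adding the contact and about wildcard certs, as an added example that is not from the thread or from Certify The Web's code: under RFC 8555 the dns-01 TXT value is derived from the challenge token and the ACME account key, and a wildcard and its base domain are both validated at the same `_acme-challenge` name with different values. The JWKs, tokens and TXT answers below are constructed sample data, and `check_challenge` is a hypothetical helper name.

```python
import base64
import hashlib
import json
import re

# Constructed placeholder JWKs (not real keys); only the public members matter here.
OLD_KEY = {"kty": "EC", "crv": "P-256", "x": "constructed-x-old", "y": "constructed-y-old"}
NEW_KEY = {"kty": "EC", "crv": "P-256", "x": "constructed-x-new", "y": "constructed-y-new"}


def b64url(data: bytes) -> str:
    """Unpadded base64url, as ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: required members only, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.4: TXT = base64url(SHA-256(token "." thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def normalize_txt(rdata: str) -> str:
    """Join the quoted chunks of dig-style TXT rdata; accept bare values too."""
    chunks = re.findall(r'"([^"]*)"', rdata)
    return "".join(chunks) if chunks else rdata.strip()


def check_challenge(expected: set, answers: list) -> dict:
    """Compare every value the CA expects with every TXT value published."""
    published = {normalize_txt(a) for a in answers}
    return {"missing": sorted(expected - published),
            "unexpected": sorted(published - expected)}


if __name__ == "__main__":
    apex = dns01_txt_value("constructed-token-apex", NEW_KEY)
    wild = dns01_txt_value("constructed-token-wildcard", NEW_KEY)
    stale = dns01_txt_value("constructed-token-apex", OLD_KEY)
    # Only one record published, and it was computed under the old account key.
    print(check_challenge({apex, wild}, [f'"{stale}"']))
```

A value that was correct for one account key or one order shows up under `unexpected` once the key or token changes, and a wildcard plus base domain request needs both expected values published as separate TXT records at the same name.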