Error in renewal even with matching txt DNS records

Hello,
Trying to renew a wildcard certificate as I have done repeatedly in the past by updating a DNS TXT Record. Looking at the logs it shows the requested string as well as the results of the attempt. But the failure message shows the correct txt string:

(Update DNS Manually) :: Please login to your DNS control panel for the domain ‘*.isemanhomes.com’ and create a new TXT record named:
_acme-challenge.isemanhomes.com
with the value:
pONQOJ3DzxMttDTlo5b5_hcnZ4FWsNbpGRxPNGJUGfA

2020-12-12 11:20:21.027 -08:00 [INF]
2020-12-12 11:32:32.373 -08:00 [INF] ---- Beginning Request [*.isemanhomes.com] ----
2020-12-12 11:32:32.381 -08:00 [INF] BeginCertificateOrder: creating/retrieving order. Retries remaining:2
2020-12-12 11:32:32.381 -08:00 [INF] Created ACME Order: REDACTED://acme-v02.api.letsencrypt.org/acme/order/48994129/6705864671
2020-12-12 11:32:32.647 -08:00 [INF] Fetching Authorizations.
2020-12-12 11:32:33.128 -08:00 [INF] Got http-01 challenge REDACTED://acme-v02.api.letsencrypt.org/acme/chall-v3/9257938435/6oScWQ
2020-12-12 11:32:33.306 -08:00 [INF] Got dns-01 challenge REDACTED://acme-v02.api.letsencrypt.org/acme/chall-v3/9257938435/LKCIBA
2020-12-12 11:32:33.757 -08:00 [INF] Got dns-01 challenge REDACTED://acme-v02.api.letsencrypt.org/acme/chall-v3/9258091835/M8C2xQ
2020-12-12 11:32:33.757 -08:00 [INF] Attempting Challenge Response Validation for Domain: *.isemanhomes.com
2020-12-12 11:32:33.758 -08:00 [INF] Registering and Validating *.isemanhomes.com
2020-12-12 11:32:33.758 -08:00 [INF] Checking automated challenge response for Domain: *.isemanhomes.com
2020-12-12 11:32:33.903 -08:00 [WRN] Challenge response validation still pending. Re-checking [10]…
2020-12-12 11:32:35.611 -08:00 [INF] Domain validation completed: *.isemanhomes.com
2020-12-12 11:32:35.611 -08:00 [INF] Attempting Challenge Response Validation for Domain: isemanhomes.com
2020-12-12 11:32:35.611 -08:00 [INF] Registering and Validating isemanhomes.com
2020-12-12 11:32:35.612 -08:00 [INF] Checking automated challenge response for Domain: isemanhomes.com
2020-12-12 11:32:35.766 -08:00 [WRN] Challenge response validation still pending. Re-checking [10]…
2020-12-12 11:32:37.355 -08:00 [INF] Incorrect TXT record “pONQOJ3DzxMttDTlo5b5_hcnZ4FWsNbpGRxPNGJUGfA” found at _acme-challenge.isemanhomes.com
2020-12-12 11:32:38.480 -08:00 [INF] Validation of the required challenges did not complete successfully. Incorrect TXT record “pONQOJ3DzxMttDTlo5b5_hcnZ4FWsNbpGRxPNGJUGfA” found at _acme-challenge.isemanhomes.com

Now I am seeing I only have two more attempts allowed but if the record matches what recourse do I have?

Also, I no longer see any new strings that may have changed to confirm the current txt record values. I did update to the latest version today. Does anyone have a similar issue?

Hi, sorry for the delayed reply. Your validation is most likely failing because you are trying to validate both *.isemanhomes.com and isemanhomes.com, due to the way Let’s Encrypt validation works this requires updating the same TXT record with 2 different values. Some DNS control panels allow this, others don’t. One option is to let one validation pass then get the other one to pass over multiple attempts, then because LE cache validation successes you will eventually be able to proceed.

I don’t recommend using the Manual DNS option at all as it requires you to not only remember to renewing your cert but also to remember how to do it and endure the possible failures you can encounter, I’d advise you to try our Rackspace DNS provider and provide feedback if it doesn’t work for you. Alternatively, check out the acme-dns option (https://docs.certifytheweb.com/docs/dns/providers/acme-dns)