How to set up cert for Wix subdomain using DNS challenge

I have a Wix website with subdomains whose apps are hosted on DigitalOcean, with the subdomains pointing to my load balancer on DigitalOcean.

I have installed certbot in a bid to create certificates for the domains. However, when I add the TXT record to Wix and try to validate the challenge, I get the error:

Failed authorization procedure. exampledomain.com (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "BHI-gqev2kAgvytiltiAj6R6Rxdzu3GDDhnWRUZ6E6o" (and 1 more) found at _acme-challenge.exampledomain.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: exampledomain.com
    Type: unauthorized
    Detail: Incorrect TXT record
    “BHI-gqev2kAgvytiltiAj6R6Rxdzu3GDDhnWRUZ6E6o” (and 1 more) found at
    _acme-challenge.exampledomain.com

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

Any insights on how I can resolve this?

Hi, if you can provide your real domain I could help you check; otherwise you can verify the correct TXT records are presented using the Linux dig command: dig -t TXT _acme-challenge.exampledomain.com

I’m assuming you are using the manual DNS validation mode in Certify (not certbot).

The most common reason for a DNS validation error is that your TXT record is either not present, added as an A record instead of a TXT record, or hasn’t had time to propagate changes to all of your nameservers (this can take a while depending on your DNS provider).

You can also use https://letsdebug.net to identify common issues.

Also if you are validating subdomains, the TXT record you are trying to create is _acme-challenge.yoursubdomain.exampledomain.com

As a side note, if you don’t have access to Linux/dig… Windows can do it as well:

nslookup -type=TXT _acme-challenge.exampledomain.com
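The checks suggested in this thread, as an added example that is not part of any post: it builds the `_acme-challenge` record name for a domain or subdomain, derives the 43-character dns-01 TXT value as RFC 8555 section 8.4 defines it, and classifies the TXT answers returned by each nameserver. The token, thumbprint, nameserver names and answers are constructed sample data (in practice the answers come from running `dig` or `nslookup` against each authoritative nameserver), and the verdict labels are this example's own.

```python
import base64
import hashlib
import re

def challenge_record_name(identifier: str) -> str:
    """dns-01 record name; a wildcard is validated at its base name."""
    name = identifier.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return "_acme-challenge." + name

def dns01_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 8.4: base64url(SHA-256(token "." thumbprint)), unpadded."""
    digest = hashlib.sha256(f"{token}.{thumbprint}".encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

# A valid dns-01 value is always 43 base64url characters.
_WELL_FORMED = re.compile(r"^[A-Za-z0-9_-]{43}$")

def diagnose(expected: str, answers: dict[str, list[str]]) -> dict[str, str]:
    """Classify the TXT answers seen at each authoritative nameserver."""
    verdicts = {}
    for ns, values in answers.items():
        cleaned = [v.strip().strip('"') for v in values]
        if expected in cleaned:
            verdicts[ns] = "ok"         # one matching record is enough
        elif not cleaned:
            verdicts[ns] = "missing"    # not created, wrong type, or not propagated
        elif any(_WELL_FORMED.match(v) for v in cleaned):
            verdicts[ns] = "stale"      # a challenge value, but from another attempt
        else:
            verdicts[ns] = "malformed"  # extra text pasted into the value
    return verdicts

# Constructed sample data (hypothetical token, thumbprint and nameservers).
EXPECTED = dns01_txt_value("constructed-token", "constructed-thumbprint")
OLD = dns01_txt_value("earlier-token", "constructed-thumbprint")
SAMPLE = {
    "ns1.example.net": [EXPECTED, OLD],
    "ns2.example.net": [f'"{OLD}"'],
    "ns3.example.net": [],
    "ns4.example.net": ["_acme-challenge=" + EXPECTED],
}

if __name__ == "__main__":
    print(challenge_record_name("app.exampledomain.com"))
    for ns, verdict in diagnose(EXPECTED, SAMPLE).items():
        print(ns, verdict)
```

A "stale" verdict on some nameservers and "ok" on others points at propagation delay or leftover records from an earlier attempt rather than a wrong record type.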