Certbot wildcard help needed

Solved by Granular

Hello,

I tried to do a wildcard with certbot but this is the output:

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

My command

sudo certbot -d '*.example.com' certonly --server https://acme-v02.api.letsencrypt.org/directory --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" --manual --preferred-challenges http

and before that I tried the DNS part

sudo certbot -d '*.example.com' certonly --server https://acme-v02.api.letsencrypt.org/directory --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" --manual --preferred-challenges dns

Added the TXT token to the DNS and this happened:

Failed authorization procedure. example.com (dns-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.example.com

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: example.com
   Type:   connection
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.example.com

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

Could someone help me on this?

Back-end developer, electronics "hacker"


As I understand it, Let's Encrypt will only give you a wildcard certificate if you can complete the DNS challenge.

And the error for the DNS challenge says that it tried looking up the TXT record it wanted you to add in the DNS and received the NXDOMAIN response, meaning the authoritative DNS server told them that the record they're looking for doesn't exist.


12 minutes ago, Granular said:

As I understand it, Let's Encrypt will only give you a wildcard certificate if you can complete the DNS challenge.

And the error for the DNS challenge says that it tried looking up the TXT record it wanted you to add in the DNS and received the NXDOMAIN response, meaning the authoritative DNS server told them that the record they're looking for doesn't exist.

Oh


1 minute ago, Joveice said:

Oh

Did you add the record when you ran certbot? What DNS are you using?


3 minutes ago, Granular said:

Did you add the record when you ran certbot? What DNS are you using?

I did, I use Namecheap.

I'm now getting an error that the token found is wrong (which is correct, as that's the last token I used). I'm currently waiting out the 1 minute TTL before I press continue.

EDIT:

And that worked :P Thanks for putting me on the right track!

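The two failure modes in this thread (Granular's NXDOMAIN explanation above, and the stale-token error Joveice hit while waiting out the TTL) can both be caught before pressing Enter in certbot --manual. Let's Encrypt resolves _acme-challenge.<domain> itself, so the TXT record has to be visible on the zone's authoritative nameservers, not just in your local resolver's cache. The script below is an added example and not code from the thread or from certbot; it assumes dig is installed, and the domain and token values in the comments and tests are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: check that the dns-01 TXT record for
# _acme-challenge.<domain> is really served by the zone's authoritative
# nameservers before letting `certbot --manual` continue. Domain names and
# tokens used here are assumptions for illustration.
set -euo pipefail

# txt_has_token RECORDS TOKEN
#   RECORDS is the output of `dig +short TXT _acme-challenge.<domain>`:
#   one TXT value per line, each wrapped in double quotes.
#   Exit 0: TOKEN is published (other tokens alongside it are fine).
#   Exit 1: the name has TXT data, but only other (stale) tokens, i.e. a
#           previous value is still being served; wait out the TTL and retry.
#   Exit 2: no TXT data at all, which is what Let's Encrypt reports as
#           "NXDOMAIN looking up TXT for _acme-challenge.<domain>".
txt_has_token() {
    local records="$1" token="$2" line
    [ -n "$records" ] || return 2
    while IFS= read -r line; do
        line="${line#\"}"          # strip dig's surrounding quotes
        line="${line%\"}"
        [ "$line" = "$token" ] && return 0
    done <<< "$records"
    return 1
}

# diagnose RECORDS TOKEN: same check, with a one-line message for the prompt.
diagnose() {
    local rc=0
    txt_has_token "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "ok: token is published" ;;
        1) echo "stale: a different token is still published; wait out the TTL" ;;
        *) echo "missing: no TXT record at _acme-challenge (NXDOMAIN)" ;;
    esac
    return "$rc"
}

# authoritative_txt DOMAIN: TXT values for _acme-challenge.DOMAIN as served by
# each authoritative nameserver of DOMAIN, bypassing any resolver cache.
# Needs network access and dig; not exercised by the offline checks.
authoritative_txt() {
    local domain="$1" ns
    for ns in $(dig +short NS "$domain"); do
        dig +short @"$ns" TXT "_acme-challenge.$domain" || true
    done
}

# wait_for_token DOMAIN TOKEN [MAX_TRIES] [SLEEP_S]: poll the authoritative
# servers until the token is served; only then press Enter in certbot.
wait_for_token() {
    local domain="$1" token="$2" max_tries="${3:-12}" sleep_s="${4:-10}" try
    for ((try = 1; try <= max_tries; try++)); do
        if diagnose "$(authoritative_txt "$domain")" "$token"; then
            return 0
        fi
        sleep "$sleep_s"
    done
    return 1
}

# Stand-alone use:  ./check-acme-txt.sh example.com <token shown by certbot>
if [ "$#" -ge 2 ]; then
    wait_for_token "$1" "$2"
fi
```

Run it in a second terminal with the domain and the token certbot prints, and only press Enter once it reports "ok". Querying the authoritative servers directly (@ns) rather than the system resolver is the point: the local 1 minute TTL in the thread does not tell you whether the provider's own servers have the new value yet.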

Now with the wildcard I'm able to have non-published local sites use SSL without Chrome going mayhem because the certificate isn't from a trusted CA :D

