Let's Encrypt wildcard for domain aliases and pointers failing

ilan (Verified User, joined Feb 5, 2004, 50 messages, Mexico City)
Hi,

I have been using the recently added Let's Encrypt wildcard certificates feature, and in general it works very well; sometimes I need to issue the initial request twice, but after that it seems to be working fine.

The issue I'm having is that on domain aliases and pointers the wildcard certificate fails to be created. Here is the output I get in the message system:

Code:
Subject: Error with LetsEncrypt request
Found wildcard domain name and http-01 challenge type, switching to dns-01 validation.
Requesting new certificate order...
Processing authorization for main-domain.edu.mx...
Challenge is valid.
Processing authorization for domain-alias.edu.mx...
Waiting for domain verification...
Challenge is valid.
Challenge is valid.
Processing authorization for main-domain.edu.mx...
DNS challenge test fail for _acme-challenge.main-domain.edu.mx IN TXT "hqHW-ejm6UHiRsLvXJEZmEjBc2TXtAjmGpAGNCtJKBM", retrying...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Retry failed, trying again in 15s...
Waiting for domain verification...
Challenge is valid.
Challenge is valid.
Processing authorization for domain-alias.edu.mx...
grep: RKQ3zj7ijHvIbmhIWAonxsyePoINjN47zuFgN3h: invalid context length argument
DNS challenge test fail for _acme-challenge.domain-alias.edu.mx IN TXT "-GaBRKQ3zj7ijHvIbmhIWAonxsyePoINjN47zuFgN3h", retrying...
grep: RKQ3zj7ijHvIbmhIWAonxsyePoINjN47zuFgN3h: invalid context length argument
Retry failed, trying again in 15s...
grep: RKQ3zj7ijHvIbmhIWAonxsyePoINjN47zuFgN3h: invalid context length argument
[... etc ...]
Retry failed, trying again in 15s...
grep: RKQ3zj7ijHvIbmhIWAonxsyePoINjN47zuFgN3h: invalid context length argument
Retry failed, trying again in 15s...
grep: RKQ3zj7ijHvIbmhIWAonxsyePoINjN47zuFgN3h: invalid context length argument
DNS validation failed. Exiting...

Not sure if this is relevant, but I see that the length of the TXT hash in the grep error shown here seems to be shorter than the actual TXT value (it's missing the first 4 characters; I did test by adding the shorter value to the DNS, but that didn't help).

I have tested on multiple domains and servers, and the issue is consistent with all aliases and pointers. If I just request the certificate for the main domain, the wildcard certificate is issued correctly.

Regards
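The grep error in the log above is explained by the alias token starting with a hyphen: when a dns-01 verifier hands the token to grep as its first non-option word, grep reads "-GaB" as the options -G, -a and -B, takes the remaining "RKQ3zj7ijHvIbmhIWAonxsyePoINjN47zuFgN3h" as the context length for -B, and aborts with "invalid context length argument" before it ever searches. That is exactly the shortened string the log prints. The script below is an added example, not code from the post or from the control panel it discusses; it reproduces that failing check beside a fixed one. The DNS lookup (`fake_dig`) is a constructed stand-in that answers as if both TXT records were published, so it runs offline; the two tokens are the ones that appear in the log.

```shell
#!/bin/sh
# Added example, not code from the post or from the control panel it discusses.
# Shows why a dns-01 TXT check built on grep fails when the ACME token starts
# with "-", and how to call grep so the token is always treated as a pattern.

# Tokens copied from the log in the post above.
MAIN_TOKEN='hqHW-ejm6UHiRsLvXJEZmEjBc2TXtAjmGpAGNCtJKBM'
ALIAS_TOKEN='-GaBRKQ3zj7ijHvIbmhIWAonxsyePoINjN47zuFgN3h'

# Constructed stand-in for `dig +short TXT <name>` so the script runs offline.
# It answers as if both TXT records were already published in the zone.
fake_dig() {
    case "$1" in
        _acme-challenge.main-domain.edu.mx)  printf '"%s"\n' "$MAIN_TOKEN" ;;
        _acme-challenge.domain-alias.edu.mx) printf '"%s"\n' "$ALIAS_TOKEN" ;;
        *) ;;
    esac
}

# Broken check (the shape the log implies): the token is grep's first
# non-option word. A token such as "-GaBRKQ3..." is parsed as the options
# -G -a -B, with "RKQ3zj..." taken as the -B context length, so grep prints
# "invalid context length argument" and exits 2 without searching anything.
# A token that does not start with "-" (the main-domain one) passes fine,
# which is why only some names are affected.
check_txt_broken() {
    name=$1; token=$2
    fake_dig "$name" | grep -q "$token"
}

# Fixed check: "--" ends option parsing so the token can never be read as
# options, -F makes it a literal string rather than a regular expression, and
# -x against the quoted value rejects a record that merely contains the token.
check_txt_fixed() {
    name=$1; token=$2
    fake_dig "$name" | grep -qFx -- "\"$token\""
}

# Run a check and print its outcome; $? in the else branch is grep's status.
report() {
    if "$@"; then
        echo "$1 $2: OK"
    else
        echo "$1 $2: FAIL (exit $?)"
    fi
}

report check_txt_broken _acme-challenge.main-domain.edu.mx  "$MAIN_TOKEN"
report check_txt_broken _acme-challenge.domain-alias.edu.mx "$ALIAS_TOKEN"
report check_txt_fixed  _acme-challenge.main-domain.edu.mx  "$MAIN_TOKEN"
report check_txt_fixed  _acme-challenge.domain-alias.edu.mx "$ALIAS_TOKEN"
```

Running it prints the same "invalid context length argument" message for the alias token on the broken check, while the fixed check passes for both names. In a real verifier, replace `fake_dig` with `dig +short TXT "$name" @"$authoritative_ns"` and keep the `-F --` form; base64url tokens can begin with "-" or "_" at any time, so a check that only works for tokens that happen to start with a letter will fail intermittently per domain, which matches the behaviour described in the post.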