I wanted to add SSL to a website i quickly spun up on a Lightsail instance. It was running on a subdomain. I ran into a hiccup with getting the domain verified via TXT entries in DNS when using Let’s Encrypt to setup SSL on a subdomain via GoDaddy DNS.
In case you’re interested, here are the commands i used to manually add SSL with Let’s Encrypt with domain verification and prompts.
mycli:~$ DOMAIN=sandbox2.mydomainname.com mycli:~$ WILDCARD=*.$DOMAIN mycli:~$ sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly
I followed Amazon’s instructions verbatim to verify i owed the domain sandbox2.mydomainname.com.
The certbot command will prompt you to add two distinct TXT entries to DNS, both entries will use _acme-challenge.sandbox2.mydomainname.com as the Host value and a unique Value as provided by certbot.
I waited 48 hours but still nothing when i kept testing the DNS entries. Kept saying nothing was published in DNS.
Super frustrating. I did some digging/googling, looking specifically for getting SSL installed via Let’s Encrypt with GoDaddy DNS since their my job’s registrar (unfortunately), and in a comment for something unrelated i found something that seemed that it could help.
Instead of the Host value including the domain name like so,
i removed the domain portion and kept the subdomain so the Host value was now just:
See screenshot below. Slight difference, but i was then able to run and pass the MXToolbox test for TXT verification within two minutes of making the change. Ridiculous waste of 48 hours waiting.
Hope that saves you some time! Cheers.
2019.04.15 – Update:
FYI, the above certbot commands ended up breaking my site configuration. Might not have been solely them but some other things i updated at the same time and didn’t make a snapshot beforehand. So the domain verification will work with the above, but the certbot commands may harm your site.
Either way, here are much better Bitnami configured tools to auto-configure Let’s Encrypt on Lightsail: Auto-Configure a Let’s Encrypt Certificate.