
Error Adding Text Record to Domain

Discussion in 'Install & Upgrades or Pre-Install Questions' started by cloud9, Feb 25, 2025.

  1. cloud9

    cloud9 Active Member

    437
    118
    43
    Oct 6, 2015
    England
    Ratings:
    +221
    Local Time:
    3:07 AM
    1.25.3
    10.6.x
    Please fill in any relevant information that applies to you:
    • CentOS Version: AlmaLinux 8
    • Centmin Mod Version Installed: Latest Beta
    • Nginx Version Installed: 1.27.1
    • PHP Version Installed: 8.1.31
    • MariaDB MySQL Version Installed: 10.6.21
    • When was last time updated Centmin Mod code base ? today
    • Persistent Config:

    Installing new WP option 22

    Can't see anything wrong with domain setup

    Code:
    -----------------------------------------------------------
    reissue & install letsencrypt ssl certificate for MYWWWSITE.com
    -----------------------------------------------------------
    /root/.acme.sh/acme.sh --force --createDomainKey -d MYWWWSITE.com -d www.MYWWWSITE.com -k 2048 --useragent centminmod-el8-acmesh-webroot
    [Tue Feb 25 12:41:05 UTC 2025] Creating domain key
    [Tue Feb 25 12:41:05 UTC 2025] The domain key is here: /root/.acme.sh/MYWWWSITE.com/MYWWWSITE.com.key
    testcert value = lived
    /root/.acme.sh/acme.sh --force --dns dns_cf --issue -d MYWWWSITE.com -d www.MYWWWSITE.com --days 60 --pre-hook "/usr/local/src/centminmod/tools/pre-acme-hooks.sh all-check MYWWWSITE.com" -k "2048" --useragent "centminmod-el8-acmesh-webroot" --log /root/centminlogs/acmetool.sh-debug-log-250225-124100.log --log-level 2 --preferred-chain "ISRG"
    [Tue Feb 25 12:41:06 UTC 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
    [Tue Feb 25 12:41:06 UTC 2025] Runing pre hook:'/usr/local/src/centminmod/tools/pre-acme-hooks.sh all-check MYWWWSITE.com'
    Nginx root path: /home/nginx/domains/MYWWWSITE.com/public
    Le_Webroot: dns_cf
    The root paths match. Proceeding with the acme.sh operation.
    [Tue Feb 25 12:41:07 UTC 2025] Multi domain='DNS:MYWWWSITE.com,DNS:www.MYWWWSITE.com'
    [Tue Feb 25 12:41:10 UTC 2025] Getting webroot for domain='MYWWWSITE.com'
    [Tue Feb 25 12:41:10 UTC 2025] Getting webroot for domain='www.MYWWWSITE.com'
    [Tue Feb 25 12:41:10 UTC 2025] Adding TXT value: m6CO2moO9Ab3Y2ryjBla7P0grDzIoP2Dry2XfzWR1OQ for domain: _acme-challenge.MYWWWSITE.com
    [Tue Feb 25 12:41:13 UTC 2025] invalid domain
    [Tue Feb 25 12:41:13 UTC 2025] Error adding TXT record to domain: _acme-challenge.MYWWWSITE.com
    [Tue Feb 25 12:41:13 UTC 2025] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-250225-124100.log
    LECHECK = 1
    
    log files saved at /root/centminlogs
    -rw-r--r--  1 root root  40K Feb 25 12:41 acmetool.sh-debug-log-250225-124100.log
    -rw-r--r--  1 root root 4.9K Feb 25 12:41 acmesh-reissue_250225-124100.log

    LetsDebug http-01 test on the domain - reports all OK

    Using Option 22 I installed with 4 for full https

    In the log file I have this


    Code:
    [Tue Feb 25 12:41:12 UTC 2025] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Tue Feb 25 12:41:13 UTC 2025] ret='0'
    [Tue Feb 25 12:41:13 UTC 2025] response='{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6111,"message":"Invalid format for Authorization header"}]}],"messages":[],"result":null}'
    [Tue Feb 25 12:41:13 UTC 2025] h
    [Tue Feb 25 12:41:13 UTC 2025] invalid domain
    [Tue Feb 25 12:41:13 UTC 2025] Error adding TXT record to domain:



     
  2. eva2000

    eva2000 Administrator Staff Member

    58,893
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    12:07 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Strange. The easiest thing to confirm first is if you created your Cloudflare API Token with an expiry date. I did that once and couldn't figure out why some of my scripts stopped working after a few months. It was because I set an expiry date on my API token :)

    The other is to check the persistent config file API token reference in /etc/centminmod/custom_config.inc; a stray single or double quote for a variable value could break how Centmin Mod reads the variable values.
     
  3. cloud9

    cloud9 Active Member

    I'm not behind Cloudflare on this website (yet); the DNS at Namecheap all points to the server rather than Namecheap

    Just looked at custom config and all looks fine in there

    Code:
    # Add CLOUDFLARE July 2024 added - see - https://centminmod.com/letsencrypt-freessl.html#dns
    CF_DNSAPI_GLOBAL='y'
    CF_Token="6be7d901XXXXXXXXXXXXXXXe583f658cc95"
    CF_Account_ID="a042XXXXXXXXXXXXXXXfa1241332"

    Will check my Cloudflare account now - but would this not break my other websites' SSLs? As they are all fine
     
  4. cloud9

    cloud9 Active Member

    In Cloudflare - in Global API Key - there is no date that I can see

    In the Zone.Zone for the read and edit things - no date set either
     
    Last edited: Feb 26, 2025
  5. eva2000

    eva2000 Administrator Staff Member

    That's the issue then. You would have needed to set CF_DNSAPI_GLOBAL='n' prior to that new Centmin Mod Nginx vhost creation to skip using Cloudflare DNS API for Let's Encrypt domain validation. Then set it back to CF_DNSAPI_GLOBAL='y' after the Centmin Mod Nginx vhost is created. This will record the Nginx vhost domain profile in /root/.acme.sh domain name directory based Letsencrypt profiles to use the method at time of Centmin Mod Nginx HTTPS creation. You can try deleting those profiles for the domain, then set CF_DNSAPI_GLOBAL='n' temporarily, then either delete the existing Wordpress nginx vhost, if there is no data, via the uninstall script it generated or run the acmetool.sh reissue-only command.

    With CF_DNSAPI_GLOBAL='n' set temporarily, try the acmetool.sh reissue-only option for existing nginx HTTPS SSL vhosts with domain.com.ssl.conf vhost config files that exist. This only does a reissue of the letsencrypt SSL cert without touching the nginx vhost. Ideal for use when you tried creating a Nginx HTTPS SSL default vhost site but letsencrypt SSL issuance failed the first time. When it fails, Centmin Mod usually falls back to self-signed SSL as a placeholder for the domain.com.ssl.conf vhost config. When you run:
    Code (Text):
    cd /usr/local/src/centminmod/addons
    ./acmetool.sh reissue-only domain.com live
    

    It will only try reissuing the letsencrypt SSL certificate for the domain = domain.com for live production SSL certificate without touching any of the existing nginx vhost at domain.com.ssl.conf
     
  6. cloud9

    cloud9 Active Member

    Thank you @eva2000

    That was the problem - have made a note in the config file for the future - so I don't make the same mistake again

    Again, thanks

    And is it OK if I PM you re a problem on another server that I would like you to fix and pay you for (no rush)
     
  7. eva2000

    eva2000 Administrator Staff Member

    Yeah private message me :)
     
  8. redbird

    redbird Member

    109
    15
    18
    Aug 28, 2015
    Web
    Ratings:
    +29
    Local Time:
    12:07 PM
    @eva2000 I'm having the same error trying to use let's encrypt for a subdomain vhost:
    invalid domain
    Error adding TXT record to domain: _acme-challenge.MYWWWSITE.com

    The instructions are not clear.
    1) for CF_Token and CF_Account_ID should I use double quotes or single quotes?

    2) Which API key should I use? The config says API_GLOBAL.
    custom created API token or Global API key?

    Update:
    I see what I did wrong. I haven't specified TTL for the api token.
     
    Last edited: Feb 14, 2026
  9. redbird

    redbird Member

    @eva2000

    OK, I've managed to have letsencrypt certificates installed properly but help me understand how it works and if I'm missing something.

    1) I have a subdomain xxx.domain.com in Cloudflare pointing to the server's IP address with proxy setting off.
    2) I use #2 in centmin to create a vhost for that subdomain with both self-signed and letsencrypt certificates. Works fine and the letsencrypt certificate can be verified by running /usr/local/src/centminmod/addons/acmetool.sh checkdates
    3) Now when I try to point to that subdomain in the browser, it shows "unsecure"; it cannot verify the certificate.
    4) If I enable proxy in CF and change the SSL/TLS setting to full (strict), CF also cannot validate the certificate.

    What am I missing? It seems that the vhost is using the self-signed certificate instead of letsencrypt? Or why is the letsencrypt one not validating?
     
  10. eva2000

    eva2000 Administrator Staff Member

  11. redbird

    redbird Member

  12. eva2000

    eva2000 Administrator Staff Member

    You mean Letsencrypt SSL certificate is issued ok? or not? I'd double check your /etc/centminmod/custom_config.inc persistent config file to ensure the entries in there are formatted correctly i.e. extra quotes or trailing spaces
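
The config check suggested twice in this thread (stray quotes, trailing spaces) can be scripted. The following is an added example, not code from the thread or from Centmin Mod; the function name `check_cf_config` is hypothetical, and it assumes the persistent config uses shell-style `NAME=value` lines as in the excerpt posted above.

```sh
#!/bin/sh
# Added example (not Centmin Mod code): lint CF_* assignments in a
# shell-style config file. Reports the variable name and line number only,
# never the value, so API tokens do not leak into scrollback or tickets.
# Exit status: 0 = clean, 1 = problems found, 2 = file unreadable.
# Usage: check_cf_config /etc/centminmod/custom_config.inc
check_cf_config() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    awk -v file="$1" '
    function report(msg) { printf "%s:%d: %s: %s\n", file, NR, name, msg; bad++ }
    /^[ \t]*CF_[A-Za-z0-9_]+[ \t]*=/ {
        name = $0;  sub(/[=].*$/, "", name);  sub(/^[ \t]+/, "", name)
        value = $0; sub(/^[^=]*=/, "", value)
        if (name ~ /[ \t]$/) { sub(/[ \t]+$/, "", name); report("whitespace before =") }
        if (value ~ /^[ \t]/) { sub(/^[ \t]+/, "", value); report("whitespace after =") }
        if (value ~ /[ \t\r]$/) {
            sub(/[ \t\r]+$/, "", value)
            report("trailing whitespace or carriage return")
        }
        q = substr(value, 1, 1)
        if (q == "\"" || q == "\047") {          # \047 is a single quote
            rest = substr(value, 2)
            p = index(rest, q)
            if (p == 0) { report("opening quote is never closed"); next }
            inner = substr(rest, 1, p - 1)
            tail = substr(rest, p + 1)
            # Only an optional trailing comment may follow the closing quote
            if (tail !~ /^([ \t]+#.*)?$/) report("unexpected text after the closing quote")
            if (inner ~ /^[ \t]/ || inner ~ /[ \t]$/) report("whitespace inside the quotes")
            if (inner == "") report("empty value")
        } else if (value ~ /["\047]/) {
            report("stray quote in an unquoted value")
        } else if (value == "") {
            report("empty value")
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}
```

A carriage return left by a Windows editor is reported as trailing whitespace, which is easy to miss when viewing the file in a terminal.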