NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

DNS Challenge with goDaddy Fails with Wildcard Domain. #3533

Closed haldi4803 closed 7 months ago

haldi4803 commented 7 months ago

Checklist

Describe the bug

Can't issue a wildcard certificate with Let's Encrypt on goDaddy.

Nginx Proxy Manager Version

V2.11.1

To Reproduce

Steps to reproduce the behavior: Create a new Wildcard SSL Certificate with DNS on goDaddy.com

Expected behavior

Certificate works. The strange thing is, it DID work a few days ago! But then I had some issues with broken certificates missing the npm-12 folder and had to delete all, so I ran into the Let's Encrypt "maximum certificates used" limit. I could create normal Let's Encrypt certificates just fine 5 minutes ago. But Wildcard with DNS challenge doesn't work.

Error in Web Interface

CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

at /app/lib/utils.js:16:13
at ChildProcess.exithandler (node:child_process:430:5)
at ChildProcess.emit (node:events:518:28)
at maybeClose (node:internal/child_process:1105:16)
at Socket.<anonymous> (node:internal/child_process:457:11)
at Socket.emit (node:events:518:28)
at Pipe.<anonymous> (node:net:337:12)

and here we go with the log to /tmp/letsencrypt-log/letsencrypt.log

cat letsencrypt.log
2024-02-08 02:02:50,763:DEBUG:certbot._internal.main:certbot version: 2.8.0
2024-02-08 02:02:50,772:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/certbot/bin/certbot
2024-02-08 02:02:50,772:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-14', '--agree-tos', '--email', 'haldi4803@pm.me', '--domains', '*.domain.com', '--authenticator', 'dns-godaddy', '--dns-godaddy-credentials', '/etc/letsencrypt/credentials/credentials-14']
2024-02-08 02:02:50,773:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-godaddy,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-02-08 02:02:50,818:DEBUG:certbot._internal.log:Root logging level set at 30
2024-02-08 02:02:50,821:DEBUG:certbot._internal.plugins.selection:Requested authenticator dns-godaddy and installer None
2024-02-08 02:02:50,822:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * dns-godaddy
Description: Obtain certificates using a DNS TXT record (if you are using GoDaddy for DNS).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='dns-godaddy', value='certbot_dns_godaddy:Authenticator', group='certbot.plugins')
Initialized: <certbot_dns_godaddy.Authenticator object at 0x7fa54a7210>
Prep: True
2024-02-08 02:02:50,823:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_dns_godaddy.Authenticator object at 0x7fa54a7210> and installer None
2024-02-08 02:02:50,824:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator dns-godaddy, Installer None
2024-02-08 02:02:51,176:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1553524717', new_authzr_uri=None, terms_of_service=None), e5cb160efd66510c74e0ac7d07afe24b, Meta(creation_dt=datetime.datetime(2024, 2, 4, 19, 28, 12, tzinfo=<UTC>), creation_host='OpenWrt.lan', register_to_eff=None))>
2024-02-08 02:02:51,178:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-02-08 02:02:51,185:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-02-08 02:02:51,646:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2024-02-08 02:02:51,647:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 08 Feb 2024 02:02:51 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "KtBKA6R8xmA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-02-08 02:02:51,649:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for *.domain.com
2024-02-08 02:02:51,670:DEBUG:acme.client:Requesting fresh nonce
2024-02-08 02:02:51,671:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-02-08 02:02:51,827:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-02-08 02:02:51,828:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 08 Feb 2024 02:02:51 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 5IXlosaqaNf3PUQMFOqT83Vvna2c5j-wR073LI5wvZX4h7esq6w
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2024-02-08 02:02:51,829:DEBUG:acme.client:Storing nonce: 5IXlosaqaNf3PUQMFOqT83Vvna2c5j-wR073LI5wvZX4h7esq6w
2024-02-08 02:02:51,830:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "*.domain.com"\n    }\n  ]\n}'
2024-02-08 02:02:51,842:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhb25jZ*************************dy1vcmRlciJ9",
  "signature": "mDAs****************************n_7TmVvAaGrRwiw",
  "payload": "ew*****************ogIF0KfQ"
}
2024-02-08 02:02:52,125:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 337
2024-02-08 02:02:52,126:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 08 Feb 2024 02:02:52 GMT
Content-Type: application/json
Content-Length: 337
Connection: keep-alive
Boulder-Requester: 1553524717
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1553524717/242734277837
Replay-Nonce: 5IXlosaqqKtVsK_QN1kKIuMQqXg7ZMQOK6VfBa1dCg-Uo0S0RVA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2024-02-15T02:02:51Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.domain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/312816706477"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1553524717/242734277837"
}
2024-02-08 02:02:52,127:DEBUG:acme.client:Storing nonce: 5IXlosaqqKtVsK_QN1kKIuMQqXg7ZMQOK6VfBa1dCg-Uo0S0RVA
2024-02-08 02:02:52,128:DEBUG:acme.client:JWS payload:
b''
2024-02-08 02:02:52,135:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/312816706477:
{
  "protected": "e*******************IjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxMjgxNjcwNjQ3NyJ9",
  "signature": "cuo**************************hvlqc6ZmV_1Oak4KohM3mpnkbmB1boaaG8LW29rRxiHMVll_kwIJ_tgnDFgdfMt_kl05nTd_LwVJ2Nw1wFdawbo2E1zfGVrIR_mVtZUpMS7Yh5j06W98mcUdwZyAO6ojYENLdgmd5TYaeHsD27gnZZg",
  "payload": ""
}
2024-02-08 02:02:52,296:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/312816706477 HTTP/1.1" 200 383
2024-02-08 02:02:52,298:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 08 Feb 2024 02:02:52 GMT
Content-Type: application/json
Content-Length: 383
Connection: keep-alive
Boulder-Requester: 1553524717
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 5IXlosaq7EW644Wis2uCA9W2BzObh12fpX7KyK86flA-VDuPSQw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "domain.com"
  },
  "status": "pending",
  "expires": "2024-02-15T02:02:51Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/312816706477/Rh7qFQ",
      "token": "yV***********************E1f5E"
    }
  ],
  "wildcard": true
}
2024-02-08 02:02:52,299:DEBUG:acme.client:Storing nonce: 5IXlosaq7EW644Wis2uCA9W2BzObh12fpX7KyK86flA-VDuPSQw
2024-02-08 02:02:52,300:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-02-08 02:02:52,301:INFO:certbot._internal.auth_handler:dns-01 challenge for domain.com
2024-02-08 02:02:52,459:DEBUG:root:Parameter resolve_zone_name is not set, use tldextract to guess the zone name from known TLDs
2024-02-08 02:02:52,460:DEBUG:filelock:Attempting to acquire lock 548199759696 on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:02:52,460:DEBUG:filelock:Lock 548199759696 acquired on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:02:52,465:DEBUG:filelock:Attempting to release lock 548199759696 on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:02:52,465:DEBUG:filelock:Lock 548199759696 released on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:02:52,674:DEBUG:root:Actual zone name resolved for domain domain.com: domain.com
2024-02-08 02:02:52,674:DEBUG:root:Override resolved zone name because --delegated option is set: domain.com
2024-02-08 02:02:52,703:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.godaddy.com:443
2024-02-08 02:02:53,426:DEBUG:urllib3.connectionpool:https://api.godaddy.com:443 "GET /v1/domains/domain.com HTTP/1.1" 200 1597
2024-02-08 02:02:53,594:DEBUG:root:Parameter resolve_zone_name is not set, use tldextract to guess the zone name from known TLDs
2024-02-08 02:02:53,595:DEBUG:filelock:Attempting to acquire lock 548195556240 on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:02:53,595:DEBUG:filelock:Lock 548195556240 acquired on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:02:53,600:DEBUG:filelock:Attempting to release lock 548195556240 on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:02:53,601:DEBUG:filelock:Lock 548195556240 released on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:02:53,725:DEBUG:root:Actual zone name resolved for domain domain.com: domain.com
2024-02-08 02:02:53,726:DEBUG:root:Override resolved zone name because --delegated option is set: domain.com
2024-02-08 02:02:53,754:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.godaddy.com:443
2024-02-08 02:02:54,433:DEBUG:urllib3.connectionpool:https://api.godaddy.com:443 "GET /v1/domains/domain.com HTTP/1.1" 200 1597
2024-02-08 02:02:54,445:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.godaddy.com:443
2024-02-08 02:02:54,837:DEBUG:urllib3.connectionpool:https://api.godaddy.com:443 "GET /v1/domains/domain.com/records/TXT/_acme-challenge HTTP/1.1" 200 3
2024-02-08 02:02:54,850:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.godaddy.com:443
2024-02-08 02:02:55,399:DEBUG:urllib3.connectionpool:https://api.godaddy.com:443 "PUT /v1/domains/domain.com/records/TXT/_acme-challenge HTTP/1.1" 200 0
2024-02-08 02:02:55,406:DEBUG:lexicon._private.providers.godaddy:create_record: TXT _acme-challenge.domain.com Pt3UtoIZ0sGLuqwEF8Pcf-2azhZ4KPQ03MWp4oeQafc
2024-02-08 02:02:55,409:DEBUG:certbot._internal.display.obj:Notifying user: Waiting 30 seconds for DNS changes to propagate
2024-02-08 02:03:25,411:DEBUG:acme.client:JWS payload:
b'{}'
2024-02-08 02:03:25,418:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/312816706477/Rh7qFQ:
{
  "protected": "e************************XJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMxMjgxNjcwNjQ3Ny9SaDdxRlEifQ",
  "signature": "Am**********************o51Sk7AXYVq09CdIPxrZbaAXavC-TNJwgWIY4PjkLUiCANpqypsBQ4xSpPVhV64BJS0R_7ognY8-reKCOtCh0GB6vSCl_8udDZBP_rjb254XRcMe9OhRvYG3V2mFcK0LTAc6HdxK7_vx9lQ",
  "payload": "e30"
}
2024-02-08 02:03:25,421:DEBUG:urllib3.connectionpool:Resetting dropped connection: acme-v02.api.letsencrypt.org
2024-02-08 02:03:26,323:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/312816706477/Rh7qFQ HTTP/1.1" 200 186
2024-02-08 02:03:26,324:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 08 Feb 2024 02:03:26 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 1553524717
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/312816706477>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/312816706477/Rh7qFQ
Replay-Nonce: 2ksh1KUsed2EI1rn8J4bLcWRZl8usS8DkN9YO4sdj4PQCzQziX0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/312816706477/Rh7qFQ",
  "token": "yVW**********E1f5E"
}
2024-02-08 02:03:26,325:DEBUG:acme.client:Storing nonce: 2ksh1KUsed2EI1rn8J4bLcWRZl8usS8DkN9YO4sdj4PQCzQziX0
2024-02-08 02:03:26,326:INFO:certbot._internal.auth_handler:Waiting for verification...
2024-02-08 02:03:27,327:DEBUG:acme.client:JWS payload:
b''
2024-02-08 02:03:27,334:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/312816706477:
{
  "protected": "ey********************sIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxMjgxNjcwNjQ3NyJ9",
  "signature": "qQ************************************k2d1ZC6nht_FZXgLZGqvoq3Cyq1fuT6pavrfABB3Ne4LftTklSzNh3G6yUW9cu8o3-iE9uigToDuJePNRKrpLSseE5eCdxRd2mY_SuviZebsZE2czLsiz3zaVR5f_OfbfwVgB3GMLllM4BDWC0y5oasAxg",
  "payload": ""
}
2024-02-08 02:03:27,611:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/312816706477 HTTP/1.1" 200 603
2024-02-08 02:03:27,612:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 08 Feb 2024 02:03:27 GMT
Content-Type: application/json
Content-Length: 603
Connection: keep-alive
Boulder-Requester: 1553524717
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: kRyagOpU9EP2zBD6WwU4CtvKtOT5IrMkgzTG1hA5vqqF0EAnPOE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "domain.com"
  },
  "status": "invalid",
  "expires": "2024-02-15T02:02:51Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "No TXT record found at _acme-challenge.domain.com",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/312816706477/Rh7qFQ",
      "token": "yV****************f5E",
      "validated": "2024-02-08T02:03:26Z"
    }
  ],
  "wildcard": true
}
2024-02-08 02:03:27,612:DEBUG:acme.client:Storing nonce: kRyagOpU9EP2zBD6WwU4CtvKtOT5IrMkgzTG1hA5vqqF0EAnPOE
2024-02-08 02:03:27,613:INFO:certbot._internal.auth_handler:Challenge failed for domain domain.com
2024-02-08 02:03:27,614:INFO:certbot._internal.auth_handler:dns-01 challenge for domain.com
2024-02-08 02:03:27,614:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: dns-godaddy). The Certificate Authority reported these problems:
  Domain: domain.com
  Type:   unauthorized
  Detail: No TXT record found at _acme-challenge.domain.com

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-godaddy. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-godaddy-propagation-seconds (currently 30 seconds).

2024-02-08 02:03:27,617:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-02-08 02:03:27,617:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-02-08 02:03:27,617:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-02-08 02:03:27,777:DEBUG:root:Parameter resolve_zone_name is not set, use tldextract to guess the zone name from known TLDs
2024-02-08 02:03:27,778:DEBUG:filelock:Attempting to acquire lock 548193093136 on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:03:27,779:DEBUG:filelock:Lock 548193093136 acquired on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:03:27,783:DEBUG:filelock:Attempting to release lock 548193093136 on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:03:27,784:DEBUG:filelock:Lock 548193093136 released on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:03:27,912:DEBUG:root:Actual zone name resolved for domain domain.com: domain.com
2024-02-08 02:03:27,912:DEBUG:root:Override resolved zone name because --delegated option is set: domain.com
2024-02-08 02:03:27,941:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.godaddy.com:443
2024-02-08 02:03:28,630:DEBUG:urllib3.connectionpool:https://api.godaddy.com:443 "GET /v1/domains/domain.com HTTP/1.1" 200 1597
2024-02-08 02:03:28,801:DEBUG:root:Parameter resolve_zone_name is not set, use tldextract to guess the zone name from known TLDs
2024-02-08 02:03:28,802:DEBUG:filelock:Attempting to acquire lock 548199646736 on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:03:28,803:DEBUG:filelock:Lock 548199646736 acquired on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:03:28,807:DEBUG:filelock:Attempting to release lock 548199646736 on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:03:28,808:DEBUG:filelock:Lock 548199646736 released on /tmp/npmuserhome/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json.lock
2024-02-08 02:03:29,019:DEBUG:root:Actual zone name resolved for domain domain.com: domain.com
2024-02-08 02:03:29,020:DEBUG:root:Override resolved zone name because --delegated option is set: domain.com
2024-02-08 02:03:29,049:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.godaddy.com:443
2024-02-08 02:03:29,717:DEBUG:urllib3.connectionpool:https://api.godaddy.com:443 "GET /v1/domains/domain.com HTTP/1.1" 200 1597
2024-02-08 02:03:29,729:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.godaddy.com:443
2024-02-08 02:03:30,140:DEBUG:urllib3.connectionpool:https://api.godaddy.com:443 "GET /v1/domains/domain.com/records HTTP/1.1" 200 508
2024-02-08 02:03:30,153:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.godaddy.com:443
2024-02-08 02:03:30,702:DEBUG:urllib3.connectionpool:https://api.godaddy.com:443 "PUT /v1/domains/domain.com/records/TXT HTTP/1.1" 200 0
2024-02-08 02:03:30,712:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.godaddy.com:443
2024-02-08 02:03:31,383:DEBUG:urllib3.connectionpool:https://api.godaddy.com:443 "DELETE /v1/domains/domain.com/records/TXT/_acme-challenge HTTP/1.1" 204 0
2024-02-08 02:03:31,390:DEBUG:lexicon._private.providers.godaddy:delete_records: TXT _acme-challenge.domain.com Pt3UtoIZ0sGLuqwEF8Pcf-2azhZ4KPQ03MWp4oeQafc
2024-02-08 02:03:31,392:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1869, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-02-08 02:03:31,399:ERROR:certbot._internal.log:Some challenges have failed.

Changed domain.com to domain.com for safety... and edited some payloads with *** but that shouldn't matter, should it?

The only thing I can read from those logs is this part:

Certbot failed to authenticate some domains (authenticator: dns-godaddy). The Certificate Authority reported these problems:
  Domain: domain.com
  Type:   unauthorized
  Detail: No TXT record found at _acme-challenge.domain.com

But I'm pretty sure the API key works, as I'm using them as well in the OpenWRT DDNS script to change my IP.

Edit:

curl -X GET -H "Authorization: sso-key [API_KEY]:[API_SECRET]" "https://api.godaddy.com/v1/domains/available?domain=example.guru"

Works, so API key is not an issue!

{"available":false,"definitive":true,"domain":"domain.com"}

Operating System

docker on OpenWRT 23.05.0

Additional Info

PATH=/opt/certbot/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
OPENRESTY_VERSION=1.21.4.3
CROWDSEC_OPENRESTY_BOUNCER_VERSION=0.1.7
CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
SUPPRESS_NO_CONFIG_WARNING=1
S6_BEHAVIOUR_IF_STAGE2_FAILS=1
S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0
S6_FIX_ATTRS_HIDDEN=1
S6_KILL_FINISH_MAXTIME=10000
S6_VERBOSITY=1
NODE_ENV=production
NPM_BUILD_VERSION=2.11.1
NPM_BUILD_COMMIT=aec3020
NPM_BUILD_DATE=2024-01-21 11:23:57 UTC
NODE_OPTIONS=--openssl-legacy-provider
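
A triage helper for a certbot debug log like the one in this report, as an added example that is not part of the original post or of Nginx Proxy Manager: it extracts when the plugin wrote the `_acme-challenge` TXT record, whether the GoDaddy API accepted the write, how long certbot waited, and what the CA reported at validation time. The sample log is constructed from the shape of the lines above, the function names are hypothetical, and comparing the two timestamps assumes the log clock is UTC.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample shaped like the certbot debug log in the report
# (the TXT value is a placeholder). The log clock is assumed to be UTC.
SAMPLE_LOG = """\
2024-02-08 02:02:55,399:DEBUG:urllib3.connectionpool:https://api.godaddy.com:443 "PUT /v1/domains/domain.com/records/TXT/_acme-challenge HTTP/1.1" 200 0
2024-02-08 02:02:55,406:DEBUG:lexicon._private.providers.godaddy:create_record: TXT _acme-challenge.domain.com PLACEHOLDER-TXT-VALUE
2024-02-08 02:02:55,409:DEBUG:certbot._internal.display.obj:Notifying user: Waiting 30 seconds for DNS changes to propagate
2024-02-08 02:03:27,612:DEBUG:acme.client:Received response:
{
  "identifier": {"type": "dns", "value": "domain.com"},
  "status": "invalid",
  "challenges": [{"type": "dns-01", "status": "invalid", "validated": "2024-02-08T02:03:26Z",
    "error": {"type": "urn:ietf:params:acme:error:unauthorized",
              "detail": "No TXT record found at _acme-challenge.domain.com", "status": 403}}],
  "wildcard": true
}
"""

TS = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),(\d{3}):")
CREATE = re.compile(r"create_record: TXT (\S+) ")
WAIT = re.compile(r"Waiting (\d+) seconds for DNS changes to propagate")
PUT = re.compile(r'"PUT \S*/records/TXT/_acme-challenge HTTP/1\.1" (\d{3})')


def log_time(line):
    """Timestamp of a certbot log line, or None for continuation lines."""
    m = TS.match(line)
    if not m:
        return None
    t = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return t.replace(microsecond=int(m.group(2)) * 1000, tzinfo=timezone.utc)


def json_bodies(lines):
    """Yield pretty-printed JSON objects embedded in the log ('{' and '}' at column 0)."""
    buf = None
    for line in lines:
        if line == "{" or TS.match(line):
            buf = [line] if line == "{" else None  # a new log line ends any open body
        elif buf is not None:
            buf.append(line)
            if line == "}":
                try:
                    yield json.loads("\n".join(buf))
                except ValueError:
                    pass  # redacted or truncated body
                buf = None


def triage(text):
    """Summarise the DNS-01 attempt: record write, wait, and the CA's verdict."""
    lines = text.splitlines()
    out = {"records": [], "wait_seconds": None, "provider_write_ok": None, "failures": []}
    for line in lines:
        if m := CREATE.search(line):
            out["records"].append({"name": m.group(1), "created": log_time(line)})
        elif m := WAIT.search(line):
            out["wait_seconds"] = int(m.group(1))
        elif m := PUT.search(line):
            out["provider_write_ok"] = m.group(1).startswith("2")
    created = out["records"][-1]["created"] if out["records"] else None
    for body in json_bodies(lines):
        for ch in body.get("challenges", []):
            if ch.get("status") != "invalid":
                continue
            err = ch.get("error", {})
            when = ch.get("validated")
            when = datetime.fromisoformat(when.replace("Z", "+00:00")) if when else None
            gap = (when - created).total_seconds() if when and created else None
            out["failures"].append({
                "identifier": body.get("identifier", {}).get("value"),
                "wildcard": body.get("wildcard", False),
                "error": err.get("type"), "detail": err.get("detail"),
                "seconds_after_write": gap,
            })
    return out


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A 2xx from the provider API together with `No TXT record found` from the CA points away from the credentials and toward what the zone's public nameservers actually served when the CA looked, which matches the two causes named in certbot's own hint.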

alexsalex commented 7 months ago

pip install --upgrade certbot==2.1.0 certbot-dns-godaddy

haldi4803 commented 7 months ago

pip install --upgrade certbot==2.1.0 certbot-dns-godaddy

CommandError: ERROR: Could not find a version that satisfies the requirement certbot-dns-godaddy==2.1.0 (from versions: 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 2.6.0, 2.7.4, 2.8.0)
ERROR: No matching distribution found for certbot-dns-godaddy==2.1.0

[notice] A new release of pip is available: 23.3.2 -> 24.0
[notice] To update, run: pip install --upgrade pip

at /app/lib/utils.js:16:13
at ChildProcess.exithandler (node:child_process:430:5)
at ChildProcess.emit (node:events:518:28)
at maybeClose (node:internal/child_process:1105:16)
at ChildProcess._handle.onexit (node:internal/child_process:305:5)

So I upgraded to pip 24 and the godaddy DNS script to 2.8.0

AND IT WORKS.. Thank you!