#certbot certonly --manual --preferred-challenges dns -m tien@aaaa.com.tw -d "*.aaaa.com.tw"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for *.aaaa.com.tw

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.aaaa.com.tw.

with the following value:

XXXXXXXXkoZiMm6WcDR47wFijDeCwFCgIeiXxXxXxXX

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.aaaa.com.tw.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
(先至DNS設定_acme-challenge.aaaa.com.tw. txt "XXXXXXXXkoZiMm6WcDR47wFijDeCwFCgIeiXxXxXxXX"

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: aaaa.com.tw
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.aaaa.com.tw - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the manually created DNS TXT records. Ensure that you created these in the correct location, or try waiting longer for DNS propagation on the next attempt.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

要生效時才有用,上面是剛更新DNS設定不會馬上生效。
若生效後再按ENTER會出現
Successfully received certificate.
Certificate is saved at: /usr/local/etc/letsencrypt/live/aaaa.com.tw-0001/fullchain.pem
Key is saved at: /usr/local/etc/letsencrypt/live/aaaa.com.tw-0001/privkey.pem
This certificate expires on 2023-08-19.
These files will be updated when the certificate renews.

NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -