Doing multiple challenges for the same domain fails #5

Open
remram44 opened this issue Sep 18, 2022 · 0 comments

I am using certbot-dns-infoblox to verify a domain for a wildcard certificate. Therefore I request two domains, hsrn.nyu.edu and *.hsrn.nyu.edu.

This requires the creation of two TXT records both called _acme-challenge.hsrn.nyu.edu but with different values.

It seems that the second record is not created as Infoblox reports that the record already exists and this causes the challenge validation to fail.

```
2022-09-18 16:59:26,888:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-09-18 16:59:26,889:INFO:certbot._internal.auth_handler:dns-01 challenge for hsrn.nyu.edu
2022-09-18 16:59:26,889:INFO:certbot._internal.auth_handler:dns-01 challenge for hsrn.nyu.edu
2022-09-18 16:59:26,892:DEBUG:infoblox_client.connector:Sending get request to https://ipmanager.nyu.edu/wapi/v2.1/record%3Atxt?name=_acme-challenge.hsrn.nyu.edu&view=default with parameters {'timeout': 10, 'headers': {'Content-type': 'application/json'}, 'verify': True}
2022-09-18 16:59:26,981:DEBUG:infoblox_client.connector:Sending get request to https://ipmanager.nyu.edu/wapi/v2.1/record%3Atxt?name=_acme-challenge.hsrn.nyu.edu&view=default&_proxy_search=GM with parameters {'timeout': 10, 'headers': {'Content-type': 'application/json'}, 'verify': True}
2022-09-18 16:59:27,059:DEBUG:infoblox_client.connector:Sending post request to https://ipmanager.nyu.edu/wapi/v2.1/record%3Atxt?_return_fields=extattrs%2Cname%2Ctext%2Cview with parameters {'timeout': 10, 'headers': {'Content-type': 'application/json'}, 'verify': True, 'data': '{"comment": "2022-09-18 16:59:26: certbot-auto-hsrn_api_user", "name": "_acme-challenge.hsrn.nyu.edu", "text": "REDACTED", "ttl": 120, "view": "default"}'}
2022-09-18 16:59:27,160:INFO:infoblox_client.objects:Infoblox record:txt was created: TXTRecord: comment="2022-09-18 16:59:26: certbot-auto-hsrn_api_user", name="_acme-challenge.hsrn.nyu.edu", text="REDACTED", ttl="120", view="default"
2022-09-18 16:59:27,162:DEBUG:infoblox_client.connector:Sending get request to https://ipmanager.nyu.edu/wapi/v2.1/record%3Atxt?name=_acme-challenge.hsrn.nyu.edu&view=default with parameters {'timeout': 10, 'headers': {'Content-type': 'application/json'}, 'verify': True}
2022-09-18 16:59:27,251:INFO:infoblox_client.objects:Infoblox record:txt already exists: TXTRecord: comment="2022-09-18 16:59:27: certbot-auto-hsrn_api_user", name="_acme-challenge.hsrn.nyu.edu", text="xSaAWmMXFoAOLbo7sapx_Q5A4aYM5pXuxW0oHgWdLi8", ttl="120", view="default", _ref="record:txt/ZG5zLmJpbmRfdHh0JC5fZGVmYXVsdC5lZHUubnl1Lmhzcm4uX2FjbWUtY2hhbGxlbmdlLlJFREFDVEVE:_acme-challenge.hsrn.nyu.edu/default"
2022-09-18 16:59:27,251:DEBUG:certbot._internal.display.obj:Notifying user: Waiting 60 seconds for DNS changes to propagate
...
2022-09-18 17:00:28,424:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/154660955351:
< letsencrypt says "status": "valid" >
2022-09-18 17:00:28,475:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/154660955361:
< letsencrypt says "status": "invalid" >
2022-09-18 17:00:28,523:INFO:certbot._internal.auth_handler:Challenge failed for domain hsrn.nyu.edu
2022-09-18 17:00:28,523:INFO:certbot._internal.auth_handler:dns-01 challenge for hsrn.nyu.edu
2022-09-18 17:00:28,523:DEBUG:certbot._internal.display.obj:Notifying user: Certbot failed to authenticate some domains (authenticator: dns-infoblox). The Certificate Authority reported these problems:
  Domain: hsrn.nyu.edu
  Type:   unauthorized
  Detail: Incorrect TXT record "REDACTED (token for other challenge)" found at _acme-challenge.hsrn.nyu.edu

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-infoblox. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-infoblox-propagation-seconds (currently 60 seconds).
```
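The failure mode reported above, reproduced as an added example that is not part of the original issue or the plugin's code: an existence check keyed on the record name alone drops the second dns-01 value, while a check keyed on name and text lets both coexist. `TxtZone`, `validate_order` and the sample tokens and thumbprint are hypothetical and constructed; the class is an in-memory stand-in, not the Infoblox API.

```python
import base64
import hashlib


def validation_name(identifier):
    # dns-01 record name; the wildcard label is dropped, so both names collide.
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base


def txt_value(token, thumbprint):
    # dns-01 record value: unpadded base64url(SHA-256(token "." thumbprint)).
    digest = hashlib.sha256(f"{token}.{thumbprint}".encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


class TxtZone:
    """In-memory stand-in for the DNS backend (hypothetical, not the Infoblox API)."""

    def __init__(self, match_on_text):
        self.match_on_text = match_on_text
        self.records = []  # (name, text) pairs

    def create_if_missing(self, name, text):
        for n, t in self.records:
            # Name-only matching treats a second value as "already exists".
            if n == name and (t == text or not self.match_on_text):
                return False
        self.records.append((name, text))
        return True

    def lookup(self, name):
        return {t for n, t in self.records if n == name}


def validate_order(challenges, thumbprint, match_on_text):
    """Publish every challenge record, then check each as the CA would."""
    zone = TxtZone(match_on_text)
    expected = [(validation_name(d), txt_value(tok, thumbprint)) for d, tok in challenges]
    for name, text in expected:
        zone.create_if_missing(name, text)
    return [text in zone.lookup(name) for name, text in expected]


# Constructed sample data: the tokens and thumbprint are made up.
CHALLENGES = [("hsrn.nyu.edu", "token-A"), ("*.hsrn.nyu.edu", "token-B")]
THUMBPRINT = "constructed-account-key-thumbprint"

if __name__ == "__main__":
    print("name-only check:", validate_order(CHALLENGES, THUMBPRINT, False))
    print("name+text check:", validate_order(CHALLENGES, THUMBPRINT, True))
```

With the name-only check the result mirrors the log: the first authorization validates and the second fails because only the other challenge's value is published.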