ACME.sh Error w/ Alias Domain Challenge and Possibly Apache help

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: in-design.com
Challenge Alias: InDsgnLTD.com

I ran these commands:

#!/bin/sh
export GD_Key="XXXXXXXXXXXXXXXXXXXXXXXXXX"
export GD_Secret="XXXXXXXXXXXXXXXXXXXXXXXXXX"
/root/acme.sh/acme.sh --issue --dns dns_gd -d *.in-design.com --challenge-alias indsgnltd.com --apache

With and Without --apache

Would be great if I can just point it to install - system already configured. Just need issued and renewed and not for Apache or anything else to be touched. Hope to use the install cert command after this to place the new cert/key for Apache.

It produced this output:

/root/acme.sh/acme.sh --issue --dns dns_gd -d *.in-design.com --challenge-alias indsgnltd.com --debug --log
[Sun Feb 12 23:58:42 UTC 2023] Lets find script dir.
[Sun Feb 12 23:58:42 UTC 2023] _SCRIPT_='/root/acme.sh/acme.sh'
[Sun Feb 12 23:58:42 UTC 2023] _script='/root/acme.sh/acme.sh'
[Sun Feb 12 23:58:42 UTC 2023] _script_home='/root/acme.sh'
[Sun Feb 12 23:58:42 UTC 2023] Using config home:/root/.acme.sh
[Sun Feb 12 23:58:42 UTC 2023] Running cmd: issue
[Sun Feb 12 23:58:42 UTC 2023] _main_domain='*.in-design.com'
[Sun Feb 12 23:58:42 UTC 2023] _alt_domains='no'
[Sun Feb 12 23:58:42 UTC 2023] Using config home:/root/.acme.sh
[Sun Feb 12 23:58:42 UTC 2023] default_acme_server
[Sun Feb 12 23:58:42 UTC 2023] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Sun Feb 12 23:58:42 UTC 2023] DOMAIN_PATH='/root/.acme.sh/*.in-design.com_ecc'
[Sun Feb 12 23:58:42 UTC 2023] Le_NextRenewTime
[Sun Feb 12 23:58:42 UTC 2023] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Sun Feb 12 23:58:42 UTC 2023] _init api for server: https://acme.zerossl.com/v2/DV90
[Sun Feb 12 23:58:42 UTC 2023] GET
[Sun Feb 12 23:58:42 UTC 2023] url='https://acme.zerossl.com/v2/DV90'
[Sun Feb 12 23:58:42 UTC 2023] timeout=
[Sun Feb 12 23:58:42 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:58:42 UTC 2023] ret='0'
[Sun Feb 12 23:58:42 UTC 2023] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Sun Feb 12 23:58:42 UTC 2023] ACME_NEW_AUTHZ
[Sun Feb 12 23:58:42 UTC 2023] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun Feb 12 23:58:42 UTC 2023] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Sun Feb 12 23:58:42 UTC 2023] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Sun Feb 12 23:58:42 UTC 2023] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20221001_Certificate_Subscriber_Agreement_v_2_5_click.pdf'
[Sun Feb 12 23:58:42 UTC 2023] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun Feb 12 23:58:42 UTC 2023] _on_before_issue
[Sun Feb 12 23:58:42 UTC 2023] _chk_main_domain='*.in-design.com'
[Sun Feb 12 23:58:42 UTC 2023] _chk_alt_domains
[Sun Feb 12 23:58:42 UTC 2023] Le_LocalAddress
[Sun Feb 12 23:58:42 UTC 2023] d='*.in-design.com'
[Sun Feb 12 23:58:42 UTC 2023] Check for domain='*.in-design.com'
[Sun Feb 12 23:58:42 UTC 2023] _currentRoot='dns_gd'
[Sun Feb 12 23:58:42 UTC 2023] d
[Sun Feb 12 23:58:42 UTC 2023] _saved_account_key_hash is not changed, skip register account.
[Sun Feb 12 23:58:42 UTC 2023] Read key length:ec-256
[Sun Feb 12 23:58:42 UTC 2023] _createcsr
[Sun Feb 12 23:58:43 UTC 2023] d
[Sun Feb 12 23:58:43 UTC 2023] url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun Feb 12 23:58:43 UTC 2023] payload='{"identifiers": [{"type":"dns","value":"*.in-design.com"}]}'
[Sun Feb 12 23:58:43 UTC 2023] EC key
[Sun Feb 12 23:58:43 UTC 2023] HEAD
[Sun Feb 12 23:58:43 UTC 2023] _post_url='https://acme.zerossl.com/v2/DV90/newNonce'
[Sun Feb 12 23:58:43 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
[Sun Feb 12 23:58:43 UTC 2023] _ret='0'
[Sun Feb 12 23:58:43 UTC 2023] POST
[Sun Feb 12 23:58:43 UTC 2023] _post_url='https://acme.zerossl.com/v2/DV90/newOrder'
[Sun Feb 12 23:58:43 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:58:43 UTC 2023] _ret='0'
[Sun Feb 12 23:58:43 UTC 2023] code='201'
[Sun Feb 12 23:58:43 UTC 2023] Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/RQmHl6e2EPw00FTpATogQw'
[Sun Feb 12 23:58:43 UTC 2023] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/RQmHl6e2EPw00FTpATogQw/finalize'
[Sun Feb 12 23:58:43 UTC 2023] url='https://acme.zerossl.com/v2/DV90/authz/CNm5tMfxhg_RH6lK_banGQ'
[Sun Feb 12 23:58:43 UTC 2023] payload
[Sun Feb 12 23:58:43 UTC 2023] POST
[Sun Feb 12 23:58:43 UTC 2023] _post_url='https://acme.zerossl.com/v2/DV90/authz/CNm5tMfxhg_RH6lK_banGQ'
[Sun Feb 12 23:58:43 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:58:43 UTC 2023] _ret='0'
[Sun Feb 12 23:58:43 UTC 2023] code='200'
[Sun Feb 12 23:58:44 UTC 2023] d='*.in-design.com'
[Sun Feb 12 23:58:44 UTC 2023] _w='dns_gd'
[Sun Feb 12 23:58:44 UTC 2023] _currentRoot='dns_gd'
[Sun Feb 12 23:58:44 UTC 2023] entry='"type":"dns-01","url":"https://acme.zerossl.com/v2/DV90/chall/RqA7TNbSU8tkAMvCIIbpxQ","status":"pending","token":"KktAwW_dV_I89DMr_GIP4YOTudk6RxtqvFBCN29Plj4"'
[Sun Feb 12 23:58:44 UTC 2023] token='KktAwW_dV_I89DMr_GIP4YOTudk6RxtqvFBCN29Plj4'
[Sun Feb 12 23:58:44 UTC 2023] uri='https://acme.zerossl.com/v2/DV90/chall/RqA7TNbSU8tkAMvCIIbpxQ'
[Sun Feb 12 23:58:44 UTC 2023] keyauthorization='KktAwW_dV_I89DMr_GIP4YOTudk6RxtqvFBCN29Plj4.x8NibBPhXLoy32X-_6xLBqR87CpJ6z3A50IbBgZ-tvw'
[Sun Feb 12 23:58:44 UTC 2023] dvlist='*.in-design.com#KktAwW_dV_I89DMr_GIP4YOTudk6RxtqvFBCN29Plj4.x8NibBPhXLoy32X-_6xLBqR87CpJ6z3A50IbBgZ-tvw#https://acme.zerossl.com/v2/DV90/chall/RqA7TNbSU8tkAMvCIIbpxQ#dns-01#dns_gd'
[Sun Feb 12 23:58:44 UTC 2023] d
[Sun Feb 12 23:58:44 UTC 2023] vlist='*.in-design.com#KktAwW_dV_I89DMr_GIP4YOTudk6RxtqvFBCN29Plj4.x8NibBPhXLoy32X-_6xLBqR87CpJ6z3A50IbBgZ-tvw#https://acme.zerossl.com/v2/DV90/chall/RqA7TNbSU8tkAMvCIIbpxQ#dns-01#dns_gd,'
[Sun Feb 12 23:58:44 UTC 2023] d='*.in-design.com'
[Sun Feb 12 23:58:44 UTC 2023] _d_alias='indsgnltd.com'
[Sun Feb 12 23:58:44 UTC 2023] txtdomain='_acme-challenge.indsgnltd.com'
[Sun Feb 12 23:58:44 UTC 2023] txt='eePvPBUPtxvErBgRtEzlNVYy9bUwkgRVG-y1MjqnIhY'
[Sun Feb 12 23:58:44 UTC 2023] d_api='/root/acme.sh/dnsapi/dns_gd.sh'
[Sun Feb 12 23:58:44 UTC 2023] Found domain api file: /root/acme.sh/dnsapi/dns_gd.sh
[Sun Feb 12 23:58:44 UTC 2023] First detect the root zone
[Sun Feb 12 23:58:44 UTC 2023] domains/indsgnltd.com
[Sun Feb 12 23:58:44 UTC 2023] GET
[Sun Feb 12 23:58:44 UTC 2023] url='https://api.godaddy.com/v1/domains/indsgnltd.com'
[Sun Feb 12 23:58:44 UTC 2023] timeout=
[Sun Feb 12 23:58:44 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:58:44 UTC 2023] ret='0'
[Sun Feb 12 23:58:44 UTC 2023] _sub_domain='_acme-challenge'
[Sun Feb 12 23:58:44 UTC 2023] _domain='indsgnltd.com'
[Sun Feb 12 23:58:44 UTC 2023] Getting existing records
[Sun Feb 12 23:58:44 UTC 2023] domains/indsgnltd.com/records/TXT/_acme-challenge
[Sun Feb 12 23:58:44 UTC 2023] GET
[Sun Feb 12 23:58:44 UTC 2023] url='https://api.godaddy.com/v1/domains/indsgnltd.com/records/TXT/_acme-challenge'
[Sun Feb 12 23:58:44 UTC 2023] timeout=
[Sun Feb 12 23:58:44 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:58:45 UTC 2023] ret='0'
[Sun Feb 12 23:58:45 UTC 2023] domains/indsgnltd.com/records/TXT/_acme-challenge
[Sun Feb 12 23:58:45 UTC 2023] data (PUT): ='[{"data":"eePvPBUPtxvErBgRtEzlNVYy9bUwkgRVG-y1MjqnIhY"}]'
[Sun Feb 12 23:58:45 UTC 2023] PUT
[Sun Feb 12 23:58:45 UTC 2023] _post_url='https://api.godaddy.com/v1/domains/indsgnltd.com/records/TXT/_acme-challenge'
[Sun Feb 12 23:58:45 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:58:45 UTC 2023] _ret='0'
[Sun Feb 12 23:58:45 UTC 2023] Checking updated records of '_acme-challenge.indsgnltd.com'
[Sun Feb 12 23:58:45 UTC 2023] domains/indsgnltd.com/records/TXT/_acme-challenge
[Sun Feb 12 23:58:45 UTC 2023] GET
[Sun Feb 12 23:58:45 UTC 2023] url='https://api.godaddy.com/v1/domains/indsgnltd.com/records/TXT/_acme-challenge'
[Sun Feb 12 23:58:45 UTC 2023] timeout=
[Sun Feb 12 23:58:45 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:58:45 UTC 2023] ret='0'
[Sun Feb 12 23:59:15 UTC 2023] d='in-design.com'
[Sun Feb 12 23:59:15 UTC 2023] txtdomain='_acme-challenge.in-design.com'
[Sun Feb 12 23:59:15 UTC 2023] aliasDomain='_acme-challenge.indsgnltd.com'
[Sun Feb 12 23:59:15 UTC 2023] txt='eePvPBUPtxvErBgRtEzlNVYy9bUwkgRVG-y1MjqnIhY'
[Sun Feb 12 23:59:15 UTC 2023] d_api='/root/acme.sh/dnsapi/dns_gd.sh'
[Sun Feb 12 23:59:15 UTC 2023] _c_txtdomain='_acme-challenge.in-design.com'
[Sun Feb 12 23:59:15 UTC 2023] _c_aliasdomain='_acme-challenge.indsgnltd.com'
[Sun Feb 12 23:59:15 UTC 2023] _c_txt='eePvPBUPtxvErBgRtEzlNVYy9bUwkgRVG-y1MjqnIhY'
[Sun Feb 12 23:59:15 UTC 2023] Detect dns server first.
[Sun Feb 12 23:59:15 UTC 2023] GET
[Sun Feb 12 23:59:15 UTC 2023] url='https://cloudflare-dns.com'
[Sun Feb 12 23:59:15 UTC 2023] timeout=10
[Sun Feb 12 23:59:15 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --connect-timeout 10'
[Sun Feb 12 23:59:16 UTC 2023] ret='0'
[Sun Feb 12 23:59:16 UTC 2023] Use cloudflare doh server
[Sun Feb 12 23:59:16 UTC 2023] GET
[Sun Feb 12 23:59:16 UTC 2023] url='https://cloudflare-dns.com/dns-query?name=_acme-challenge.indsgnltd.com&type=TXT'
[Sun Feb 12 23:59:16 UTC 2023] timeout=
[Sun Feb 12 23:59:16 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:59:16 UTC 2023] ret='0'
[Sun Feb 12 23:59:16 UTC 2023] ok, let's start to verify
[Sun Feb 12 23:59:16 UTC 2023] d='*.in-design.com'
[Sun Feb 12 23:59:16 UTC 2023] keyauthorization='XXXXXXXXXXXXXXXXXXXXXXXXXX'
[Sun Feb 12 23:59:16 UTC 2023] uri='https://acme.zerossl.com/v2/DV90/chall/RqA7TNbSU8tkAMvCIIbpxQ'
[Sun Feb 12 23:59:16 UTC 2023] _currentRoot='dns_gd'
[Sun Feb 12 23:59:16 UTC 2023] url='https://acme.zerossl.com/v2/DV90/chall/RqA7TNbSU8tkAMvCIIbpxQ'
[Sun Feb 12 23:59:16 UTC 2023] payload='{}'
[Sun Feb 12 23:59:16 UTC 2023] POST
[Sun Feb 12 23:59:16 UTC 2023] _post_url='https://acme.zerossl.com/v2/DV90/chall/RqA7TNbSU8tkAMvCIIbpxQ'
[Sun Feb 12 23:59:16 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:59:16 UTC 2023] _ret='0'
[Sun Feb 12 23:59:16 UTC 2023] code='200'
[Sun Feb 12 23:59:16 UTC 2023] trigger validation code: 200
[Sun Feb 12 23:59:16 UTC 2023] sleep 2 secs to verify again
[Sun Feb 12 23:59:18 UTC 2023] checking
[Sun Feb 12 23:59:18 UTC 2023] url='https://acme.zerossl.com/v2/DV90/chall/RqA7TNbSU8tkAMvCIIbpxQ'
[Sun Feb 12 23:59:18 UTC 2023] payload
[Sun Feb 12 23:59:18 UTC 2023] POST
[Sun Feb 12 23:59:18 UTC 2023] _post_url='https://acme.zerossl.com/v2/DV90/chall/RqA7TNbSU8tkAMvCIIbpxQ'
[Sun Feb 12 23:59:18 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:59:18 UTC 2023] _ret='0'
[Sun Feb 12 23:59:18 UTC 2023] code='200'
[Sun Feb 12 23:59:18 UTC 2023] *.in-design.com:Verify error:"error":{
[Sun Feb 12 23:59:18 UTC 2023] Skip for removelevel:
[Sun Feb 12 23:59:18 UTC 2023] pid
[Sun Feb 12 23:59:18 UTC 2023] No need to restore nginx, skip.
[Sun Feb 12 23:59:18 UTC 2023] _clearupdns
[Sun Feb 12 23:59:18 UTC 2023] dns_entries='in-design.com,_acme-challenge.in-design.com,_acme-challenge.indsgnltd.com,dns_gd,XXXXXXXXXXXXXXXXXXXXXXXXXX,/root/acme.sh/dnsapi/dns_gd.sh
'
[Sun Feb 12 23:59:18 UTC 2023] d='in-design.com'
[Sun Feb 12 23:59:18 UTC 2023] txtdomain='_acme-challenge.in-design.com'
[Sun Feb 12 23:59:18 UTC 2023] aliasDomain='_acme-challenge.indsgnltd.com'
[Sun Feb 12 23:59:18 UTC 2023] _currentRoot='dns_gd'
[Sun Feb 12 23:59:18 UTC 2023] txt='eePvPBUPtxvErBgRtEzlNVYy9bUwkgRVG-y1MjqnIhY'
[Sun Feb 12 23:59:18 UTC 2023] d_api='/root/acme.sh/dnsapi/dns_gd.sh'
[Sun Feb 12 23:59:18 UTC 2023] First detect the root zone
[Sun Feb 12 23:59:18 UTC 2023] domains/indsgnltd.com
[Sun Feb 12 23:59:18 UTC 2023] GET
[Sun Feb 12 23:59:18 UTC 2023] url='https://api.godaddy.com/v1/domains/indsgnltd.com'
[Sun Feb 12 23:59:18 UTC 2023] timeout=
[Sun Feb 12 23:59:18 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:59:19 UTC 2023] ret='0'
[Sun Feb 12 23:59:19 UTC 2023] _sub_domain='_acme-challenge'
[Sun Feb 12 23:59:19 UTC 2023] _domain='indsgnltd.com'
[Sun Feb 12 23:59:19 UTC 2023] Getting existing records
[Sun Feb 12 23:59:19 UTC 2023] domains/indsgnltd.com/records/TXT/_acme-challenge
[Sun Feb 12 23:59:19 UTC 2023] GET
[Sun Feb 12 23:59:19 UTC 2023] url='https://api.godaddy.com/v1/domains/indsgnltd.com/records/TXT/_acme-challenge'
[Sun Feb 12 23:59:19 UTC 2023] timeout=
[Sun Feb 12 23:59:19 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:59:19 UTC 2023] ret='0'
[Sun Feb 12 23:59:19 UTC 2023] Delete last record for '_acme-challenge.indsgnltd.com'
[Sun Feb 12 23:59:19 UTC 2023] domains/indsgnltd.com/records/TXT/_acme-challenge
[Sun Feb 12 23:59:19 UTC 2023] data (DELETE): 
[Sun Feb 12 23:59:19 UTC 2023] DELETE
[Sun Feb 12 23:59:19 UTC 2023] _post_url='https://api.godaddy.com/v1/domains/indsgnltd.com/records/TXT/_acme-challenge'
[Sun Feb 12 23:59:19 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:59:19 UTC 2023] _ret='0'
[Sun Feb 12 23:59:19 UTC 2023] _on_issue_err
[Sun Feb 12 23:59:19 UTC 2023] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Sun Feb 12 23:59:19 UTC 2023] url='https://acme.zerossl.com/v2/DV90/chall/RqA7TNbSU8tkAMvCIIbpxQ'
[Sun Feb 12 23:59:19 UTC 2023] payload='{}'
[Sun Feb 12 23:59:19 UTC 2023] POST
[Sun Feb 12 23:59:19 UTC 2023] _post_url='https://acme.zerossl.com/v2/DV90/chall/RqA7TNbSU8tkAMvCIIbpxQ'
[Sun Feb 12 23:59:19 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Sun Feb 12 23:59:20 UTC 2023] _ret='0'
[Sun Feb 12 23:59:20 UTC 2023] code='200'
[Sun Feb 12 23:59:20 UTC 2023] Diagnosis versions: 
openssl:openssl
OpenSSL 1.0.2k-fips  26 Jan 2017
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.2 on Aug 16 2018 08:41:54
   running on Linux version #1 SMP Mon Nov 28 18:44:27 UTC 2022, release 5.15.79-51.138.amzn2.x86_64, machine x86_64
features:
  #define WITH_STDIO 1
  #define WITH_FDNUM 1
  #define WITH_FILE 1
  #define WITH_CREAT 1
  #define WITH_GOPEN 1
  #define WITH_TERMIOS 1
  #define WITH_PIPE 1
  #define WITH_UNIX 1
  #define WITH_ABSTRACT_UNIXSOCKET 1
  #define WITH_IP4 1
  #define WITH_IP6 1
  #define WITH_RAWIP 1
  #define WITH_GENERICSOCKET 1
  #define WITH_INTERFACE 1
  #define WITH_TCP 1
  #define WITH_UDP 1
  #define WITH_SCTP 1
  #define WITH_LISTEN 1
  #define WITH_SOCKS4 1
  #define WITH_SOCKS4A 1
  #define WITH_PROXY 1
  #define WITH_SYSTEM 1
  #define WITH_EXEC 1
  #define WITH_READLINE 1
  #define WITH_TUN 1
  #define WITH_PTY 1
  #define WITH_OPENSSL 1
  #undef WITH_FIPS
  #define WITH_LIBWRAP 1
  #define WITH_SYCLS 1
  #define WITH_FILAN 1
  #define WITH_RETRY 1
  #define WITH_MSGLEVEL 0 /*debug*/

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Self Configured and Hosted ec2 lighthouse AWS instance

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

Again...I do not even want acme.sh to install the config into Apache or any other system. I just want acme.sh to get the cert and key and put them in the right directory with the right name and to restart Apache.

Apache is already properly configured and working fine.

Cheers,
T

https://unboundtest.com/m/TXT/_acme-challenge.in-design.com/DNDYVLKM

Query results for TXT _acme-challenge.in-design.com

Response:
;; opcode: QUERY, status: NOERROR, id: 24987
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_acme-challenge.in-design.com.	IN	 TXT

;; ANSWER SECTION:
_acme-challenge.in-design.com.	0	IN	TXT	"_acme-challenge.indsgnltd.com"

----- Unbound logs -----
Feb 13 00:42:36 unbound[268458:0] notice: init module 0: validator

You have a DNS TXT record for _acme-challenge.in-design.com, I believe you want a CNAME DNS Record to point to _acme-challenge.indsgnltd.com

Presently there is no DNS TXT record for _acme-challenge.indsgnltd.com often tools will remove the record so likely not an issue.

Query results for TXT _acme-challenge.indsgnltd.com

Response:
;; opcode: QUERY, status: NXDOMAIN, id: 41251
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;_acme-challenge.indsgnltd.com.	IN	 TXT

;; AUTHORITY SECTION:
indsgnltd.com.	0	IN	SOA	ns05.domaincontrol.com. dns.jomax.net. 2023021214 28800 7200 604800 600

----- Unbound logs -----
Feb 13 00:41:38 unbound[268452:0] notice: init module 0: validator

You can read about DNS CNAME record - Wikipedia

This online tool is helpful with these DNS Records https://unboundtest.com/

2 Likes

Here is what I see with nslookup

$ nslookup -q=txt _acme-challenge.in-design.com ns-cloud-e1.googledomains.com.
Server:         ns-cloud-e1.googledomains.com.
Address:        216.239.32.110#53

_acme-challenge.in-design.com   text = "_acme-challenge.indsgnltd.com"

$ nslookup -q=cname _acme-challenge.in-design.com ns-cloud-e1.googledomains.com.
Server:         ns-cloud-e1.googledomains.com.
Address:        216.239.32.110#53

*** Can't find _acme-challenge.in-design.com: No answer

Yet for www.in-design.com which is a DNS CNAME this is what the output looks like

$ nslookup -q=txt www.in-design.com ns-cloud-e1.googledomains.com.
Server:         ns-cloud-e1.googledomains.com.
Address:        216.239.32.110#53

www.in-design.com       canonical name = in-design.com.
in-design.com   text = "v=spf1 include:_spf.google.com ~all"

$ nslookup -q=cname www.in-design.com ns-cloud-e1.googledomains.com.
Server:         ns-cloud-e1.googledomains.com.
Address:        216.239.32.110#53

www.in-design.com       canonical name = in-design.com.

And a description of DNS-01 challenge
" Since Let’s Encrypt follows the DNS standards when looking up TXT records for DNS-01 validation, you can use CNAME records or NS records to delegate answering the challenge to other DNS zones. This can be used to delegate the _acme-challenge subdomain to a validation-specific server or zone. It can also be used if your DNS provider is slow to update, and you want to delegate to a quicker-updating server."

3 Likes

Thank you. I just saw another post about using CNAMEs...I had screwed it up.

Thanks,
T

4 Likes

You are welcome @tziady :slight_smile:

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.