Acme.sh fails with value wasn't set

I have a script that I use to renew certs from GoDaddy using their API key method and acme.sh that I've been using for more than a year. Somehow today it stopped working. I checked with my GoDaddy account and nothing has changed there.

./acme.sh --dnssleep 300 --force --log --issue --use-wget -d wellingtonpotpies.com --dns dns_gd -d www.wellingtonpotpies.com --dns dns_gd -d webstage.wellingtonpotpies.com --dns dns_gd -d wellingtontransportation.com --dns dns_cloudns -d www.wellingtontransportation.com --dns dns_cloudns -d wellingtontransportation.net --dns dns_cloudns -d www.wellingtontransportation.net --dns dns_cloudns --cert-file /etc/letsencrypt/wellington-certfile.pem --key-file /etc/letsencrypt/wellington-privkey.pem
[Mon May 13 06:52:23 PM EDT 2024] Using CA: https://acme.zerossl.com/v2/DV90
[Mon May 13 06:52:24 PM EDT 2024] Multi domain='DNS:wellingtonpotpies.com,DNS:www.wellingtonpotpies.com,DNS:webstage.wellingtonpotpies.com,DNS:wellingtontransportation.com,DNS:www.wellingtontransportation.com,DNS:wellingtontransportation.net,DNS:www.wellingtontransportation.net'
[Mon May 13 06:52:31 PM EDT 2024] Getting webroot for domain='wellingtonpotpies.com'
[Mon May 13 06:52:31 PM EDT 2024] Getting webroot for domain='www.wellingtonpotpies.com'
[Mon May 13 06:52:31 PM EDT 2024] Getting webroot for domain='webstage.wellingtonpotpies.com'
[Mon May 13 06:52:31 PM EDT 2024] Getting webroot for domain='wellingtontransportation.com'
[Mon May 13 06:52:31 PM EDT 2024] Getting webroot for domain='www.wellingtontransportation.com'
[Mon May 13 06:52:31 PM EDT 2024] Getting webroot for domain='wellingtontransportation.net'
[Mon May 13 06:52:31 PM EDT 2024] Getting webroot for domain='www.wellingtontransportation.net'
[Mon May 13 06:52:31 PM EDT 2024] Adding txt value: g0tmChMlhwjrujzrEj-6qKTe5Wlo0vXexDQ9tufZJ5I for domain:  _acme-challenge.wellingtonpotpies.com
[Mon May 13 06:52:32 PM EDT 2024] Adding record
[Mon May 13 06:52:33 PM EDT 2024] TXT record 'g0tmChMlhwjrujzrEj-6qKTe5Wlo0vXexDQ9tufZJ5I' for '_acme-challenge.wellingtonpotpies.com', value wasn't set!
[Mon May 13 06:52:33 PM EDT 2024] Error add txt for domain:_acme-challenge.wellingtonpotpies.com
[Mon May 13 06:52:33 PM EDT 2024] Please check log file for more details: /root/.acme.sh/acme.sh.log

I've also upgraded to version 3.0.8 and am still having the same problem. I've even tried creating a new API key.

This script also renews certs for a bunch of domains managed by Cloudflare and they are having no difficulties using the same version of acme.sh.

Where do I start troubleshooting this?

1 Like

Hi @gossamer,

Well it looks like you are not using Let's Encrypt CA.

For Let's Encrypt I would suggest using the Staging Environment - Let's Encrypt while debugging.

Edit:

Also there seems to be new issue(s) with GoDaddy.

Edit:

Another option would be to consider using HTTP-01 challenge instead of the DNS-01 challenge you are presently using of the Challenge Types - Let's Encrypt.

3 Likes

The issue turned out to be a new restriction GoDaddy is applying to their budget-friendly customers (those with less than 10 domains) and the use of their API to update DNS records.

Working on migrating off them now.

4 Likes

For future reference: Using force doesn't fix anything that is broken.

Also, you might want to split that cert into multiple certs.
[with just the names found in each individual vhost]

5 Likes
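As an added illustration of the split suggested above (not code from any poster or from the acme.sh project): in the log at the top of the thread, the failed GoDaddy TXT update stopped the whole seven-name order, including the names handled by dns_cloudns. The sketch below issues one certificate per vhost so a provider failure only blocks its own names, and each certificate gets its own key file. The vhost labels, the grouping, the per-vhost file names (modelled on the paths in the original command) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: one acme.sh order per vhost instead of one shared order.

# Constructed map, one "<vhost-label> <name> <dns-plugin>" per line.
# The grouping is an assumption; take the real one from the web server config.
VHOST_MAP='potpies wellingtonpotpies.com dns_gd
potpies www.wellingtonpotpies.com dns_gd
potpies webstage.wellingtonpotpies.com dns_gd
transport wellingtontransportation.com dns_cloudns
transport www.wellingtontransportation.com dns_cloudns
transport wellingtontransportation.net dns_cloudns
transport www.wellingtontransportation.net dns_cloudns'

# Command to run; set ACME to a stub function to dry-run the loop.
ACME=${ACME:-./acme.sh}

# Print the "-d <name> --dns <plugin>" arguments for one vhost label.
vhost_args() {
    printf '%s\n' "$VHOST_MAP" | awk -v v="$1" '
        $1 == v { print "-d"; print $2; print "--dns"; print $3 }'
}

# Issue every vhost separately and keep going after a failure.
# Prints the labels that failed (space separated) on stdout.
issue_per_vhost() {
    failed=""
    for v in $(printf '%s\n' "$VHOST_MAP" | awk '!seen[$1]++ { print $1 }'); do
        # Disable globbing so a wildcard name such as *.example.com
        # is passed through literally.
        set -f
        set -- $(vhost_args "$v")
        set +f
        # acme.sh output goes to stderr so stdout carries only the result.
        if ! $ACME --issue "$@" \
            --cert-file "/etc/letsencrypt/$v-certfile.pem" \
            --key-file "/etc/letsencrypt/$v-privkey.pem" >&2; then
            failed="$failed $v"
        fi
    done
    echo "${failed# }"
}
```

Calling `issue_per_vhost` after sourcing the file runs the orders; an empty result means every vhost was issued.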

Yes, understood. That was a remnant from a previous successful run.

For easier management, security, or both?

I also managed to switch the default CA:
./acme.sh --set-default-ca --server letsencrypt

And get it working with the document root method instead of moving off GoDaddy for now:
./acme.sh ... --webroot /docroot-path/html/

3 Likes