Anyone experiencing acme.sh is no longer able to verify TXT records?

This is a recent issue that just started in the last 24 hours:

./acme.sh --issue -d artemis.direct -d .artemis.direct --challenge-alias ssl-certs.live --dns dns_gd
[Thu 16 May 2024 10:18:52 PM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu 16 May 2024 10:18:52 PM UTC] Creating domain key
[Thu 16 May 2024 10:18:52 PM UTC] The domain key is here: /root/.acme.sh/artemis.direct_ecc/artemis.direct.key
[Thu 16 May 2024 10:18:52 PM UTC] Multi domain='DNS:artemis.direct,DNS:
.artemis.direct'
[Thu 16 May 2024 10:18:52 PM UTC] Getting domain auth token for each domain
[Thu 16 May 2024 10:18:53 PM UTC] Getting webroot for domain='artemis.direct'
[Thu 16 May 2024 10:18:53 PM UTC] Getting webroot for domain='*.artemis.direct'
[Thu 16 May 2024 10:18:53 PM UTC] Adding txt value: g2wNO7_Mjh2rVUoZFD3LZ9GN1fhQdN7GoJOytJ4sPvk for domain: _acme-challenge.ssl-certs.live
[Thu 16 May 2024 10:18:54 PM UTC] Adding record
[Thu 16 May 2024 10:19:06 PM UTC] Added TXT record 'g2wNO7_Mjh2rVUoZFD3LZ9GN1fhQdN7GoJOytJ4sPvk' for '_acme-challenge.ssl-certs.live'.
[Thu 16 May 2024 10:19:06 PM UTC] The txt record is added: Success.
[Thu 16 May 2024 10:19:06 PM UTC] Adding txt value: 4-SuRG5qx3OMy6XzwFg0kw_a3r0DGZcbZTxEr6N_UUY for domain: _acme-challenge.ssl-certs.live
[Thu 16 May 2024 10:19:06 PM UTC] Adding record
[Thu 16 May 2024 10:19:18 PM UTC] Added TXT record '4-SuRG5qx3OMy6XzwFg0kw_a3r0DGZcbZTxEr6N_UUY' for '_acme-challenge.ssl-certs.live'.
[Thu 16 May 2024 10:19:18 PM UTC] The txt record is added: Success.
[Thu 16 May 2024 10:19:18 PM UTC] Let's check each DNS record now. Sleep 20 seconds first.
[Thu 16 May 2024 10:19:39 PM UTC] You can use '--dnssleep' to disable public dns checks.
[Thu 16 May 2024 10:19:39 PM UTC] See: dnscheck · acmesh-official/acme.sh Wiki · GitHub
[Thu 16 May 2024 10:19:39 PM UTC] Checking artemis.direct for _acme-challenge.ssl-certs.live
[Thu 16 May 2024 10:19:39 PM UTC] Domain artemis.direct '_acme-challenge.ssl-certs.live' success.
[Thu 16 May 2024 10:19:40 PM UTC] Checking artemis.direct for _acme-challenge.ssl-certs.live
[Thu 16 May 2024 10:19:40 PM UTC] Not valid yet, let's wait 10 seconds and check next one.
[Thu 16 May 2024 10:19:51 PM UTC] Let's wait 10 seconds and check again.
[Thu 16 May 2024 10:20:02 PM UTC] You can use '--dnssleep' to disable public dns checks.
[Thu 16 May 2024 10:20:02 PM UTC] See: dnscheck · acmesh-official/acme.sh Wiki · GitHub
[Thu 16 May 2024 10:20:02 PM UTC] Checking artemis.direct for _acme-challenge.ssl-certs.live
[Thu 16 May 2024 10:20:02 PM UTC] Already success, continue next one.
[Thu 16 May 2024 10:20:02 PM UTC] Checking artemis.direct for _acme-challenge.ssl-certs.live
[Thu 16 May 2024 10:20:02 PM UTC] Domain artemis.direct '_acme-challenge.ssl-certs.live' success.
[Thu 16 May 2024 10:20:02 PM UTC] All success, let's return
[Thu 16 May 2024 10:20:02 PM UTC] Verifying: artemis.direct
[Thu 16 May 2024 10:20:03 PM UTC] Pending, The CA is processing your order, please just wait. (1/30)
[Thu 16 May 2024 10:20:06 PM UTC] artemis.direct:Verify error:Incorrect TXT record
[Thu 16 May 2024 10:20:06 PM UTC] Removing DNS records.
[Thu 16 May 2024 10:20:06 PM UTC] Removing txt: g2wNO7_Mjh2rVUoZFD3LZ9GN1fhQdN7GoJOytJ4sPvk for domain: _acme-challenge.ssl-certs.live
[Thu 16 May 2024 10:20:07 PM UTC] Removed: Success
[Thu 16 May 2024 10:20:07 PM UTC] Removing txt: 4-SuRG5qx3OMy6XzwFg0kw_a3r0DGZcbZTxEr6N_UUY for domain: _acme-challenge.ssl-certs.live
[Thu 16 May 2024 10:20:08 PM UTC] Removed: Success
[Thu 16 May 2024 10:20:08 PM UTC] Please add '--debug' or '--log' to check more details.
[Thu 16 May 2024 10:20:08 PM UTC] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub

Any ideas of what is going on now?

What is ssl-certs.live and what who controls it? It seems to have disappeared.

Thank you for the response. That is the CNAME Godaddy domain setup to pass the records over. This has been setup for several years this way and all of sudden stopped working.

there was recent dns api change from godaddy to require 10 domains from account to allow to use dns api

4 Likes