Automatic challenge with DNS (dns_ispconfig) API failing

Error:

[Sat Aug 4 09:41:24 BRT 2018] mail.yvespires.tk:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mail.yvespires.tk

Checked the BIND zone file while acme is sleeping (waiting for DNS changes):

yvespires.tk. 3600 TXT "v=spf1 mx a:yvespires.tk mx a:mail.yvespires.tk ip4:177.129.104.6 ~all"
_acme-challenge.mail.yvespires.tk. 3600 TXT "Id50s6kzkOrduI8YNdP-btruJ2ZhoZ3GTuEhZeKDhLA"
_acme-challenge.webmail.yvespires.tk. 3600 TXT "T7jmehGhe9JZsWHYorUeeMb_qe1ARtOlBU24K8cbJxE"
_dmarc 3600 TXT "v=DMARC1; p=none"

Full log here: https://yvespires.com.br/files/logacme.txt

My domain is: yvespires.tk

acme.sh --debug --issue --dns dns_ispconfig -d mail.yvespires.tk -d webmail.yvespires.tk

Zimbra 8.8.9.GA.2055.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.9_P1

Ubuntu 16.04.1 LTS

If I request the cert and add the DNS challenge by hand, it works; on automatic it fails.

Hi @yvespires

Did you test it with a much longer sleep time?

[Sat Aug 4 09:39:19 BRT 2018] Sleep 120 seconds for the txt records to take effect

This

yvespires.tk. 3600 TXT

looks like 60 * 60 = 3600 seconds = one hour TTL.

Perhaps use the test system, so you can create certificates without hitting the limit on the main system.


Hey

Yes, the problem was my slave DNS not applying zone changes.

Thanks.
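Added example, not part of any post in this thread: a shell check for the failure the thread ends on, where the primary zone file holds the `_acme-challenge` TXT record but a secondary nameserver still serves the old zone. It asks every authoritative nameserver directly for its SOA serial and the TXT value; the function name and the `DIG` override variable are this example's own.

```shell
#!/bin/sh
# Added example: verify that every authoritative nameserver of a zone
# serves the expected _acme-challenge TXT value, and show each server's
# SOA serial so a secondary that has not transferred the zone stands out.
# DIG can be overridden (assumption of this example) to test without network.
DIG="${DIG:-dig}"

# check_challenge_propagation ZONE RECORD EXPECTED_TXT
# Prints one line per nameserver. Returns 0 only if all of them serve
# EXPECTED_TXT, 1 if at least one does not, 2 if no NS records were found.
check_challenge_propagation() {
    zone=$1 record=$2 expected=$3
    missing=0
    ns_list=$($DIG +short NS "$zone")
    if [ -z "$ns_list" ]; then
        echo "no NS records found for $zone" >&2
        return 2
    fi
    for ns in $ns_list; do
        # Third field of the short SOA answer is the zone serial.
        serial=$($DIG +short SOA "$zone" "@$ns" | awk '{print $3; exit}')
        # dig +short prints each TXT string in double quotes, one per line.
        if $DIG +short TXT "$record" "@$ns" | grep -qxF "\"$expected\""; then
            state=OK
        else
            state=MISSING
            missing=$((missing + 1))
        fi
        printf '%-8s serial=%-10s %s\n' "$state" "${serial:-?}" "$ns"
    done
    [ "$missing" -eq 0 ]
}

# Usage with the names from this thread (TOKEN is a placeholder for the
# TXT value that acme.sh printed for this order):
#   check_challenge_propagation yvespires.tk \
#       _acme-challenge.mail.yvespires.tk "TOKEN"
```

A nameserver reported as MISSING with a lower serial than the others has not picked up the zone change, so sleeping longer in acme.sh will not help until the zone transfer works.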
