Automatic challenge with DNS (dns_ispconfig) API failing


#1

Error:

[Sat Aug 4 09:41:24 BRT 2018] mail.yvespires.tk:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mail.yvespires.tk

Checked the BIND zone file while acme is sleeping (waiting for DNS changes):

yvespires.tk. 3600 TXT "v=spf1 mx a:yvespires.tk mx a:mail.yvespires.tk ip4:177.129.104.6 ~all"
_acme-challenge.mail.yvespires.tk. 3600 TXT "Id50s6kzkOrduI8YNdP-btruJ2ZhoZ3GTuEhZeKDhLA"
_acme-challenge.webmail.yvespires.tk. 3600 TXT "T7jmehGhe9JZsWHYorUeeMb_qe1ARtOlBU24K8cbJxE"
_dmarc 3600 TXT "v=DMARC1; p=none"

Full log here: https://yvespires.com.br/files/logacme.txt

My domain is: yvespires.tk

acme.sh --debug --issue --dns dns_ispconfig -d mail.yvespires.tk -d webmail.yvespires.tk

Zimbra 8.8.9.GA.2055.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.9_P1

Ubuntu 16.04.1 LTS

If I request the cert and add the DNS challenge by hand, it works; on automatic it fails.


#2

Hi @yvespires

did you test it with a much longer sleep time?

[Sat Aug 4 09:39:19 BRT 2018] Sleep 120 seconds for the txt records to take effect

This

yvespires.tk. 3600 TXT

looks like 60 * 60 = 3600 seconds = one hour TTL.

Perhaps use the test system, so you can create certificates without hitting the limit on the main system.


#3

Hey

Yes, the problem was my slave DNS not applying zone changes.

Thanks.
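
The cause found in this thread, a secondary name server that had not picked up the zone change, can be caught before validation by asking each authoritative server directly for the challenge record and its SOA serial. The script below is an added example, not part of the original posts or of acme.sh; the function names and the `DIG` override are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): confirm every authoritative name server
# already serves the _acme-challenge TXT value before validation is attempted.
# DIG is overridable; that hook is an assumption of this example.
DIG="${DIG:-dig}"

# ns_has_token NS NAME TOKEN: succeeds if NS itself answers TXT NAME with TOKEN.
ns_has_token() {
    "$DIG" +short +norecurse TXT "$2" "@$1" | tr -d '"' | grep -qxF -- "$3"
}

# soa_serial NS ZONE: prints the zone serial as served by NS.
soa_serial() {
    "$DIG" +short +norecurse SOA "$2" "@$1" | awk '{print $3}'
}

# check_propagation ZONE NAME TOKEN
# Prints one line per name server. Returns 0 if all serve TOKEN,
# 1 if any server is missing it, 2 if no name servers were found.
check_propagation() {
    zone=$1; name=$2; token=$3; rc=0; seen=0
    for ns in $("$DIG" +short NS "$zone"); do
        seen=$((seen + 1))
        serial=$(soa_serial "$ns" "$zone")
        if ns_has_token "$ns" "$name" "$token"; then
            echo "OK      $ns serial=$serial"
        else
            echo "MISSING $ns serial=$serial"
            rc=1
        fi
    done
    [ "$seen" -gt 0 ] || return 2
    return "$rc"
}

# Usage with the names from this thread (TOKEN is the TXT value acme.sh added):
#   check_propagation yvespires.tk _acme-challenge.mail.yvespires.tk "$TOKEN"
```

A server reported as MISSING with an older serial than the others has not transferred the updated zone, which is the situation that produces NXDOMAIN at validation time even though the primary's zone file looks correct.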

