Cannot DNS record change could not enough timeout for _acme-challange.x.company.com

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My issue is when I add the _acme-challenge.ap.company.com. to my DNS server (this is IPAM tool).. it has always expired timout.. Who can help me
My domain is:

I ran this command:
sudo certbot certonly --manual --preferred-challenges=dns --email so@company.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d app.company.com -d *.ap.company.com -v

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Requesting a certificate for ap.company.com and *.ap.company.com
Performing the following challenges:
dns-01 challenge for ap.company.com
dns-01 challenge for ap.company.com


Please deploy a DNS TXT record under the name:

_acme-challenge.ap.company.com.

with the following value:

lGQ_cW5hoOTbTrjfkmfsyzZmId2urto8kFFSmInF5i0Ztw


Press Enter to Continue^CCleaning up challenges

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
I am configuring Load balance for the company applications..
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 3.1.0

I don't see any such DNS record.

Is company.com really your domain?

Good morning ,
It is not our real company name. is it really necessary ? the issue TTL period. When I change from IPAM , command prompts already expired

From the questionnaire:

Also, what's the exact error from the ACME server? In your post there was a Ctrl-C before anything is when shown.

Or is it Certbot that's timing out?

That domain name is valid and belongs to someone else. Please don't use other people's domain names in examples.

Use example.com if you must. But, debugging DNS query problems is very difficult without an actual domain name. And, without seeing the actual error we don't have much to work with. Well, without either we don't have anything to work with :slight_smile:

2 Likes