Cannot verify acme challenge

ArkansasEncrypter · February 10, 2020, 10:46pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:ronaronica.com

I ran this command: sudo certbot certonly -d ronaronnica.com,*.ronaronica.com --server \
https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns-01

It produced this output:Failed authorization procedure. ronaronnica.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ronaronnica.com - check that a DNS record exists for this domain, ronaronica.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ronaronica.com - check that a DNS record exists for this domain

My web server is (include version)nginx

The operating system my web server runs on is (include version):Raspbian buster

My hosting provider, if applicable, is:GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):GoDaddy DNS tool

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):0.31.0

Ceertbot had me create two TXT records. I could see both with “nslookup -q=TXT _acme-challenge.ronaronica.com.ronaronica.com” If I use “nslookup -Q=TXT _acme-challenge.ronaronica.com” reports “non-existent domain”

The DNS TXT records are name="_acme-challenge.ronaronica.com" and value=certbot-specified challenge string.

JuergenAuer · February 10, 2020, 11:09pm

Hi @ArkansasEncrypter

checking your domain via https://check-your-website.server-daten.de/?q=ronaronica.com#txt - you have created the wrong entries.

Your menu adds the domain name. So you have a duplicated domain name.

Create only two entries with _acme-challenge.

Compare it with

mnordhoff · February 10, 2020, 11:14pm

Also, the first one has an extra N. ronaroNNica.com.

ArkansasEncrypter · February 11, 2020, 8:39pm

Thanks for your help. I think that the problem is how GoDaddy specifies TXT records (or my understanding of how to specify DNS records). I tried two methods, only the first one appears in an nslookup request. Will this work with letsencrypt? Once again, thanks for your help.
The two methods are:
Type = TXT Name = @ Value = _acme-challenge=OG6HhuKdBVUrRMyO0ZN
Type = TXT Name = _acme-challenge Value = OG6HhuKdBVUrRMyO0ZN

ArkansasEncrypter · February 11, 2020, 8:41pm

Thanks for the observation. I made the error only in this message, not in the actual certificate request.

ArkansasEncrypter · February 11, 2020, 9:01pm

Oh, oh. You were right!! I misspelled my domain when I entered it into certbot, and that was the problem. Using a TXT record with DomainName= _acme-challenge works as it is supposed to. Thanks again for your help and I’m sorry that I wasted your time because of my poor reading skills.

system · March 12, 2020, 9:01pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.