Cannot verify acme challenge

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command: sudo certbot certonly -d,* --server \ --manual --preferred-challenges dns-01

It produced this output:Failed authorization procedure. (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for - check that a DNS record exists for this domain, (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for - check that a DNS record exists for this domain

My web server is (include version):slight_smile:nginx

The operating system my web server runs on is (include version):Raspbian buster

My hosting provider, if applicable, is:GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):GoDaddy DNS tool

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):0.31.0

Ceertbot had me create two TXT records. I could see both with “nslookup -q=TXT” If I use “nslookup -Q=TXT” reports “non-existent domain”

The DNS TXT records are name="" and value=certbot-specified challenge string.

1 Like

Hi @ArkansasEncrypter

checking your domain via - you have created the wrong entries.

Your menu adds the domain name. So you have a duplicated domain name.

Create only two entries with _acme-challenge.

Compare it with

1 Like

Also, the first one has an extra N.

1 Like

Thanks for your help. I think that the problem is how GoDaddy specifies TXT records (or my understanding of how to specify DNS records). I tried two methods, only the first one appears in an nslookup request. Will this work with letsencrypt? Once again, thanks for your help.
The two methods are:
Type = TXT Name = @ Value = _acme-challenge=OG6HhuKdBVUrRMyO0ZN
Type = TXT Name = _acme-challenge Value = OG6HhuKdBVUrRMyO0ZN

1 Like

Thanks for the observation. I made the error only in this message, not in the actual certificate request.

1 Like

Oh, oh. You were right!! I misspelled my domain when I entered it into certbot, and that was the problem. Using a TXT record with DomainName= _acme-challenge works as it is supposed to. Thanks again for your help and I’m sorry that I wasted your time because of my poor reading skills.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.