Can't Verify the second TXT records

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: blubeez.ca

I ran this command: Add TXT record with the name/host _acme-challenge.www.blubeez.ca with the value 8KtyNzk1DnFoIaRo7KPuxsY2oP4k3DkAiJENPtiMvMs

It produced this output: No TXT Record Found. Set the TTL to 1 second or if you cannot set the TTL then you must wait the TTL (in seconds) so it updates before verifying the domain.

You mention “second” in the title, but your post doesn’t resemble such a thing. Did you by chance also request a certificate for blubeez.ca (i.e., without www.)?

Yes, I did. Here are the instructions:
Upload Verification Files
Go into the DNS management page that your domains use (This link may help with setting up your TXT records [ignoring Google specific parts]).
Add the following TXT records below to the DNS server for each domain (In the Time to Live (TTL) field, enter 1):
Add TXT record with the name/host _acme-challenge.blubeez.ca with the value MtjPB8-mbyi5tpqeiZUciCPRJbe9d9Yel2M9XJDOs50
Add TXT record with the name/host _acme-challenge.www.blubeez.ca with the value 8KtyNzk1DnFoIaRo7KPuxsY2oP4k3DkAiJENPtiMvMs
Verify TXT records have been propagated by going to the following links. The corresponding values above should show up within the record:
Verify _acme-challenge.blubeez.ca
Verify _acme-challenge.www.blubeez.ca
You may have to wait a minute to a couple minutes for the DNS TXT record to propagate if the TTL record value does not show up or is not the same as the above values. If you get an error during verification that says “JWS has invalid anti-replay nonce” then just refresh the page (resending post data if prompted) until it works.
Click Download SSL Certificate below.
I can verify the first TXT record but the second one doesn’t work.

It doesn't look like you actually created this TXT record. Your domain's nameservers return NXDOMAIN for it.

I created the second TXT exactly the same as the first one.

_acme-challenge
TXT
1m
"MtjPB8-mbyi5tpqeiZUciCPRJbe9d9Yel2M9XJDOs50"

_acme-challenge.www
TXT
1m
"8KtyNzk1DnFoIaRo7KPuxsY2oP4k3DkAiJENPtiMvMs"

It doesn’t exist at this time, though.

I am using Google Domains. I don’t understand.

Neither do I, but it is the case.

$ dig _acme-challenge.www.blubeez.ca txt

; <<>> DiG 9.10.3-P4-Ubuntu <<>> _acme-challenge.www.blubeez.ca txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44179
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_acme-challenge.www.blubeez.ca.    IN      TXT

;; Query time: 62 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sun Jan 07 06:29:19 UTC 2018
;; MSG SIZE  rcvd: 59

You probably made an error with the way you input the record.

Perhaps take a screenshot of the two _acme-challenge records in the Google DNS manager and upload it here.

I think I made a mistake but I can’t figure it out.

The www.blubeez.ca. zone is delegated to one Amazon Route 53 DNS server. (You should specify all 4, though.) So you have to create the _acme-challenge.www.blubeez.ca. record at Amazon.

Edit: Or, more to the point, don’t delegate that zone if you don’t need to.

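Why the TXT record entered in the parent zone was never served, as an added example that is not part of the original thread: a small Python model of how an NS delegation for www hands every name under it to the child zone. The zone contents are constructed from the values in the thread, the nameserver name is a placeholder, and the function names are hypothetical.

```python
APEX = "blubeez.ca"
WWW_CHALLENGE = "_acme-challenge.www.blubeez.ca"

def make_zones(delegate_www):
    """Constructed zone data: parent zone at the registrar, optional child zone."""
    parent = {
        ("_acme-challenge.blubeez.ca", "TXT"): ["MtjPB8-mbyi5tpqeiZUciCPRJbe9d9Yel2M9XJDOs50"],
        (WWW_CHALLENGE, "TXT"): ["8KtyNzk1DnFoIaRo7KPuxsY2oP4k3DkAiJENPtiMvMs"],
    }
    zones = {APEX: parent}
    if delegate_www:
        # Placeholder nameserver name; the real Route 53 server is not on the page.
        parent[("www.blubeez.ca", "NS")] = ["ns-placeholder.awsdns.example"]
        zones["www.blubeez.ca"] = {}  # child zone holds no _acme-challenge record
    return zones

def authoritative_zone(name, zones):
    """Walk from the apex toward `name`, following each NS delegation (zone cut)."""
    zone = APEX
    labels = name.split(".")
    apex_len = len(APEX.split("."))
    for i in range(len(labels) - apex_len - 1, -1, -1):
        candidate = ".".join(labels[i:])
        if (candidate, "NS") in zones[zone] and candidate in zones:
            zone = candidate  # names at or below the cut belong to the child
    return zone

def lookup(name, rtype, zones):
    """Return (answering zone, status, values) the way a resolver would see it."""
    zone = authoritative_zone(name, zones)
    data = zones[zone]
    if (name, rtype) in data:
        return zone, "NOERROR", data[(name, rtype)]
    exists = any(n == name or n.endswith("." + name) for n, _ in data)
    return zone, ("NOERROR" if exists else "NXDOMAIN"), []

if __name__ == "__main__":
    for delegated in (True, False):
        zones = make_zones(delegated)
        print("www delegated:", delegated)
        for name in ("_acme-challenge.blubeez.ca", WWW_CHALLENGE):
            print("  ", name, "->", lookup(name, "TXT", zones))
```

With the delegation in place the parent's copy of the www challenge record is occluded, which matches the NXDOMAIN in the dig output; removing the NS record makes the parent zone answer again.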

Thank you for your suggestion. I deleted the NS Amazon record and it is working now.
Thank you for your help.
