Hi, I tried to use certbot with dns-rfc2136. I took a look at the issues in the community and followed the steps I know to fix it, but I still have the error. No idea. Please help.
The /var/named folder has already been given rights for the named user.
/etc/named.conf

```
acl allowed {
    192.168.1.0/24;
};
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    recursion no;
    dnssec-enable no;
    dnssec-validation no;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    forwarders {
        192.168.1.1;
        8.8.8.8;
    };
};
logging {
    channel querylog {
        file "/var/named/data/named-querylog";
        print-category yes;
        print-time yes;
    };
    category queries {
        querylog;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "dev.example.com" {
    type master;
    file "/var/named/dev.example.com.hosts";
};
key "certbot." {
    algorithm hmac-sha512;
    secret "xxxx";
};
zone "_acme-challenge.dev.example.com" {
    type master;
    file "/var/named/_acme-challenge.dev.example.com.hosts";
    check-names ignore;
    allow-query { any; };
    update-policy {
        grant certbot. name _acme-challenge.dev.example.com. txt;
    };
};
```
certbot-credentials.ini (already ran chmod 777)

```
dns_rfc2136_server = 127.0.0.1
dns_rfc2136_port = 53
dns_rfc2136_name = certbot.
dns_rfc2136_secret = "xxxxx"
dns_rfc2136_algorithm = HMAC-SHA512
```
Log output:

```
2022-06-27 16:22:10,264:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-06-27 16:22:10,265:INFO:certbot._internal.auth_handler:dns-01 challenge for dev.example.com
2022-06-27 16:22:10,265:WARNING:certbot.plugins.dns_common:Unsafe permissions on credentials configuration file: /var/named/certbot-credentials.ini
2022-06-27 16:22:10,272:DEBUG:certbot_dns_rfc2136._internal.dns_rfc2136:No authoritative SOA record found for _acme-challenge.dev.example.com
2022-06-27 16:22:10,279:DEBUG:certbot_dns_rfc2136._internal.dns_rfc2136:Received authoritative SOA response for dev.example.com
2022-06-27 16:22:10,285:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/2133/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 86, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/var/lib/snapd/snap/certbot/2133/lib/python3.8/site-packages/certbot/plugins/dns_common.py", line 76, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/snap/certbot-dns-rfc2136/current/lib/python3.8/site-packages/certbot_dns_rfc2136/_internal/dns_rfc2136.py", line 84, in _perform
    self._get_rfc2136_client().add_txt_record(validation_name, validation, self.ttl)
  File "/snap/certbot-dns-rfc2136/current/lib/python3.8/site-packages/certbot_dns_rfc2136/_internal/dns_rfc2136.py", line 146, in add_txt_record
    raise errors.PluginError('Received response from server: {0}'
certbot.errors.PluginError: Received response from server: REFUSED
```
Command to run:

```
certbot certonly --dns-rfc2136 --dns-rfc2136-credentials /var/named/certbot-credentials.ini -d dev.example.com -d *.dev.example.com
```
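An added example, not from the original post and not certbot's own code: a script that reproduces the plugin's zone discovery (the SOA walk the two DEBUG lines show, which takes the first name, from the validation name upwards, that the server answers authoritatively) and then looks up which of the posted zones the update would be sent to and whether that zone's update-policy grants key certbot. a TXT record at the validation name. The set of names that answered authoritatively is an assumption passed in by the caller; with only dev.example.com, as in the log, the update is sent to a zone that has no update-policy at all, which is consistent with BIND answering REFUSED.

```python
import re
# Constructed from the two zones in the posted /etc/named.conf (other lines omitted).
NAMED_CONF = '''
zone "dev.example.com" {
    type master;
    file "/var/named/dev.example.com.hosts";
};
zone "_acme-challenge.dev.example.com" {
    type master;
    file "/var/named/_acme-challenge.dev.example.com.hosts";
    update-policy {
        grant certbot. name _acme-challenge.dev.example.com. txt;
    };
};
'''
GRANT_RE = re.compile(r'grant\s+(\S+)\s+name\s+(\S+)\s+(\S+);')

def parse_zones(conf):
    """Map each zone to its update-policy grants (key, name, rrtype); brace counting keeps
    nested blocks such as update-policy inside their zone."""
    zones, depth, current, body = {}, 0, None, []
    for line in conf.splitlines():
        m = re.match(r'\s*zone\s+"([^"]+)"', line)
        if depth == 0 and m:
            current, body = m.group(1).rstrip("."), []
        elif current is not None:
            body.append(line)
        depth += line.count("{") - line.count("}")
        if current is not None and depth == 0:
            zones[current] = [(k, n.rstrip("."), t.lower()) for k, n, t in GRANT_RE.findall("\n".join(body))]
            current = None
    return zones

def find_zone(name, authoritative):
    """The plugin's SOA walk: the name, then each parent; first one answered authoritatively."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in authoritative:   # stands in for an AA-flagged SOA answer (assumed set)
            return candidate
    return None

def diagnose(conf, authoritative, name="_acme-challenge.dev.example.com", key="certbot."):
    """Return (zone the update is sent to, whether it grants `key` a TXT record at `name`)."""
    target = find_zone(name, authoritative)
    if target is None:
        return None, False
    grants = parse_zones(conf).get(target, [])
    return target, any(k == key and n == name and t in ("txt", "any") for k, n, t in grants)
```

With the log's situation, `diagnose(NAMED_CONF, {"dev.example.com"})` returns `("dev.example.com", False)`; once the _acme-challenge zone answers authoritatively as well, the same call returns that zone with the grant as `True`.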