Certbot - recovering lost dns auth entries


#1

I am running the latest certbot and have been handling authentication via acme-dns installed on a server I control, using lexicon to manage entries…

I recently migrated approximately 30 domains onto Cloudflare’s platform, so I could renew the domains with Cloudflare as the registrar.

I did not plan the migration well, and did not pay enough attention during this process - I lost many (all?) of the DNS entries that handled my letsencrypt integration. I’ve got the acme-dns server available to letsencrypt, but I lost all(?) the CNAMEs redirects.

I’ve pored through the certbot logs looking for answers, and can’t seem to find the right debug lines. Can anyone point me in the right direction on what to look for? The acme-dns installation is fine, so I don’t need to adjust that… I just need to figure out what CNAME redirects for each domain should be.

For example, I see the debug line:

FailedChallenges: Failed authorization procedure. example.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.example.com 

And I need to recreate the correct subdomain to cname onto acme-dns


#2

Did you already delete the zones from the previous nameservers?

If not, you could just query them directly from your old registrar/DNS host.


#3

@_az They’re all gone. I think I can use the manual hooks to piece together stuff in raw Python… but this is annoying.

edit to above: lexicon was only used for setting up the initial domains from my laptop; the acme-dns-hook script is invoked by certbot. i originally used lexicon before moving to acme-dns for security reasons.


#4

ah ha! it looks like i just need to cname _acme-challenge.${CERTBOT_DOMAIN} onto the acme-dns instance. this is much easier. all the custom challenge stuff is in acme-dns!


closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.