Certbot renew with dns-rfc2136 plugin fails

My domain is: https://dashboard.panorama9.com/

I ran this command:
certbot certonly --dns-rfc2136 --dns-rfc2136-credentials </path/to/credentials.ini> -d dashboard.panorama9.com --debug-challenge -v --dns-rfc2136-propagation-seconds 120

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-rfc2136, Installer None
Certificate is due for renewal, auto-renewing...
Renewing an existing certificate for dashboard.panorama9.com
Performing the following challenges:
dns-01 challenge for dashboard.panorama9.com
Unsafe permissions on credentials configuration file: /opt/certbot/p9/credentials_any.ini
Waiting 120 seconds for DNS changes to propagate

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Challenges loaded. Press continue to submit to CA.

The following FQDNs should return a TXT resource record with the value
mentioned:

FQDN: _acme-challenge.dashboard.panorama9.com
Expected value: Z9ROSx82xyVJ7Ageyp2ejrc224DghKnQ-COvtqKJ_8M
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Challenge failed for domain dashboard.panorama9.com
dns-01 challenge for dashboard.panorama9.com

Certbot failed to authenticate some domains (authenticator: dns-rfc2136). The Certificate Authority reported these problems:
  Domain: dashboard.panorama9.com
  Type:   dns
  Detail: During secondary validation: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.dashboard.panorama9.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-rfc2136. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-rfc2136-propagation-seconds (currently 120 seconds).

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My hosting provider, if applicable, is: godaddy

I can login to a root shell on my machine: yes

The version of my client is certbot 1.21.0

While renewal is ongoing I can validate that the TXT record is there with dig, whether using our primary, secondary DNS or the public Google DNS.

See previous topic:

3 Likes
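The post reports that dig shows the TXT record while the CA still gets NXDOMAIN during secondary validation. One way to check each nameserver in the zone's NS set directly during the `--debug-challenge` pause is sketched below. It is an added example, not part of the original post; the function names and the zone argument (for instance `panorama9.com`) are assumptions.

```shell
#!/bin/sh
# Added example: verify the dns-01 TXT record on every authoritative nameserver.

# check_txt_answer EXPECTED
#   Reads `dig +short TXT` output on stdin and prints one of:
#   match   - a TXT string equals EXPECTED
#   missing - no TXT answer at all (NXDOMAIN or empty answer)
#   stale   - TXT present but none equals EXPECTED (old token not cleaned up)
check_txt_answer() {
    expected=$1
    answer=$(cat)
    if [ -z "$answer" ]; then
        echo missing
        return 1
    fi
    # dig +short wraps each TXT string in double quotes; strip them first.
    # "--" protects tokens that begin with "-" (valid in base64url).
    if printf '%s\n' "$answer" | tr -d '"' | grep -Fxq -- "$expected"; then
        echo match
        return 0
    fi
    echo stale
    return 1
}

# audit_challenge FQDN EXPECTED ZONE   (needs network access and dig)
#   Asks each NS of ZONE directly, without recursion, so caches cannot hide
#   a server that has not received the dynamic update yet. The SOA serial
#   shows which servers lag behind the primary.
audit_challenge() {
    fqdn=$1; expected=$2; zone=$3; rc=0
    for ns in $(dig +short NS "$zone"); do
        result=$(dig +short +norecurse TXT "$fqdn" "@$ns" \
                 | check_txt_answer "$expected") || rc=1
        serial=$(dig +short +norecurse SOA "$zone" "@$ns" | awk '{print $3}')
        printf '%-40s %-8s serial=%s\n' "$ns" "$result" "$serial"
    done
    return $rc
}

# Usage: sh audit.sh _acme-challenge.dashboard.panorama9.com <expected value> <zone>
if [ "$#" -eq 3 ]; then
    audit_challenge "$@"
fi
```

Any server that prints `missing` or `stale`, or whose serial differs from the others, is one a validation vantage point may have queried.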