Challenge dns succeeds but certbot still refuses to obtain the certificate

Hello,

I come to see you because the dns challenge worked but certbot continues to refuse me the certificate.

Here is what it says in my .conf

<VirtualHost *:80>
ServerAdmin contact@aseaction.fr
DocumentRoot /var/www/aseaction/
ServerName aseaction.com
ServerAlias www.aseaction.fr

<Directory /var/www/aseaction/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

<IfModule mod_dir.c>
    DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
</IfModule>

</VirtualHost>

Concerning the versions I use: I am on a VPS running Debian 10, my version of certbot is 1.24.0 and I use Apache 2.4.52. I also made sure that my router lets ports 80 and 443 through, and on the VPS I accept all inbound and outbound traffic on ports 80 and 443.

If I trust the image above, the challenge worked because the TXT record on the DNS returns the expected string, yet I have this message from certbot.

_acme-challenge.aseaction.fr.

with the following value:

9CnkRk7Wca86CP3mJevN_yxPqYbJQbxDo4qITDTFOjs

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: Dig (DNS lookup).
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.


Press Enter to Continue

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: aseaction.fr
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.aseaction.fr - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the manually created DNS TXT records. Ensure that you created these in the correct location, or try waiting longer for DNS propagation on the next attempt.

Some challenges have failed.

Here we can see that the chain is the same but the error seems to say that the TXT is not there... so I don't understand, but in principle nothing blocks the connection since as said above I did what I had to do with the firewall...

I thank you in advance for your help

Sincerely

1 Like

One is ".com", the other is ".fr"
Is that correct?

3 Likes

You probably have to wait in between inserting the record and telling certbot to validate.

There should be a plugin to automate this work for your DNS provider (OVH).

2 Likes

I see a cert issued earlier today with that domain name. Are you still having problems?
https://tools.letsdebug.net/cert-search?m=domain&q=aseaction.fr&d=168

2 Likes

Hello to all,

Between the time this topic was validated by the moderators and now, the topic has been resolved, and it was really stupid! I spent several hours searching for nothing!

The result was simply that I stupidly copied and pasted the http challenge without noticing that the domain name ended up appended to itself!

So aseaction.fr.aseaction.fr!

I was looking at the permissions or the conf of my virtual host since the beginning for nothing! Sorry for the inconvenience and thanks

1 Like
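The doubled name from the last post (aseaction.fr.aseaction.fr), as an added example that is not part of the thread: it computes the name a TXT record is actually published under and compares it with the name the CA queries. It assumes the DNS provider's zone editor follows the usual zone-file rule that a name without a trailing dot is relative to the zone; the function names are hypothetical.

```python
# Added example, not from the thread. Assumption: the zone editor treats a
# name without a trailing dot as relative to the zone (zone-file convention).

def normalize(name: str) -> str:
    """Lower-case a DNS name and drop surrounding spaces and the final dot."""
    return name.strip().lower().rstrip(".")

def effective_fqdn(entered: str, zone: str) -> str:
    """Name the record really ends up under once the editor has expanded it."""
    entered, zone = entered.strip(), normalize(zone)
    if entered.endswith("."):        # absolute name: used exactly as typed
        return normalize(entered)
    if entered in ("", "@"):         # zone apex
        return zone
    return f"{normalize(entered)}.{zone}"   # relative name: zone is appended

def challenge_name(domain: str) -> str:
    """Name the CA looks up for a DNS-01 challenge (wildcard label dropped)."""
    d = normalize(domain)
    if d.startswith("*."):
        d = d[2:]
    return f"_acme-challenge.{d}"

def label_to_enter(domain: str, zone: str) -> str:
    """Relative label to type into the zone editor for this domain."""
    want, zone = challenge_name(domain), normalize(zone)
    if not want.endswith("." + zone):
        raise ValueError(f"{want} is not inside zone {zone}")
    return want[: -len(zone)].rstrip(".")

def check(entered: str, zone: str, domain: str) -> dict:
    """Compare what was published with what the CA will query."""
    got, want = effective_fqdn(entered, zone), challenge_name(domain)
    return {"published_as": got, "ca_queries": want, "ok": got == want,
            "enter_instead": label_to_enter(domain, zone)}

if __name__ == "__main__":
    # Constructed inputs: three ways of typing the record name for this zone.
    for typed in ("_acme-challenge.aseaction.fr",    # full name, no final dot
                  "_acme-challenge",                 # relative label
                  "_acme-challenge.aseaction.fr."):  # absolute name
        print(repr(typed), check(typed, "aseaction.fr", "aseaction.fr"))
```

When `ok` is false the CA gets NXDOMAIN for the name it queries, even though a lookup of the doubled name returns the expected TXT value.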
