Challenge error

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
auto-dealership-news.com

I ran this command:
Deleted the site folder in /root/.acme.sh

acme.sh --issue -d auto-dealership-news.com -d *.auto-dealership-news.com --dns --force --yes-I-know-dns-manual-mode-enough-go-ahead-please

Added the shown DNS record

acme.sh --renew -d auto-dealership-news.com -d *.auto-dealership-news.com --dns --force --yes-I-know-dns-manual-mode-enough-go-ahead-please

It produced this output:
[root@serv1-www .acme.sh]# acme.sh --renew -d auto-dealership-news.com -d .auto-dealership-news.com --dns --force --yes-I-know-dns-manual-mode-enough-go-ahead-please
[Mon Apr 22 00:06:09 UTC 2019] Renew: ‘auto-dealership-news.com
[Mon Apr 22 00:06:10 UTC 2019] Multi domain='DNS:auto-dealership-news.com,DNS:.auto-dealership-news.com’
[Mon Apr 22 00:06:10 UTC 2019] Getting domain auth token for each domain
[Mon Apr 22 00:06:10 UTC 2019] Verifying: auto-dealership-news.com
[Mon Apr 22 00:06:24 UTC 2019] auto-dealership-news.com:Challenge error: {“type”:“urn:ietf:params:acme:error:malformed”,“detail”:“Unable to update challenge :: authorization must be pending”,“status”: 400}
[Mon Apr 22 00:06:24 UTC 2019] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Mon Apr 22 00:06:31 UTC 2019] The dns manual mode can not renew automatically, you must issue it again manually. You’d better use the other modes instead.

My web server is (include version):
[root@serv1-www .acme.sh]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Dec 15 2014 17:32:clock430:

The operating system my web server runs on is (include version):
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 2.6.32-042stab133.2

My hosting provider, if applicable, is:
Root Level Tech

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
VestaCP 0.9.8-24

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.33.1

2

Hi @inboxspecialists

you have created the wrong entries ( https://check-your-website.server-daten.de/?q=auto-dealership-news.com ):

TXT - Entries

Domainname TXT Entry Status ∑ Queries ∑ Timeout
auto-dealership-news.com v=spf1 mx ip4:96.46.142.128/29 -all ok 1 0
auto-dealership-news.com spf2.0/pra,mfrom +mx +ip4:96.46.142.128/29 -all ok 1 0
auto-dealership-news.com _acme-challenge=IHe0FPXUsH3SQRGgAgbyLPYDosMDJd-Kt-B-9u9JxjI warning: _acme-challenge as TXTValue, not part of the domain name 1 0
auto-dealership-news.com _acme-challenge=WQH8cqgEbtt8u8OfEx9e6IHpsnkAXPYbkB0bg_Tc1f8 warning: _acme-challenge as TXTValue, not part of the domain name 1 0

The output should look like

definition
definition1143×401 18.9 KB

Add _acme-challenge as name. As value only IHe0FPXUsH3SQRGgAgbyLPYDosMDJd-Kt-B-9u9JxjI.

3

Hmm that’s quite strange , i checked here and it shows correctly. But ill try updating it.

4

thx for link ‘https://check-your-website.server-daten.de’ ), very usefull)

2 Likes
5

Thanks.

And Thanks retour - I’ve added a lot of checks because of problems users reported in this forum.

1 Like
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.