CNAME type validation failed in some cases

test_mail_new · March 1, 2021, 2:13am

There is the problem that I found:

Someone want to apply the LetsEncrypt certificate for domain *.cre.com.hk.

Then he set a CNAME record for _acme-challenge.cre.com.hk and the value is example.com.

And example.com had set the right TXT value that LetsEncrypt expected.

I use dig cmd to check the TXT value of example.com. It worked and it's correct.

Then I dig _acme-challenge.cre.com.hk but the expected TXT value was not found.

Why ?

This is first time that I found CNAME type validation could be come up with this situation.

JuergenAuer · March 1, 2021, 6:59am

there is no CNAME. Not for _acme-challenge.cre.com.hk, not for (not relevant) cre.com.hk.

May be the name servers are buggy, that happens.

Or that user has done something wrong, but that's speculative.

test_mail_new · March 1, 2021, 7:25am

Yeah, he had remove the CNAME record.

Thank you for your opinion.

It seems that this case is rare.

system · March 31, 2021, 7:26am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.