DNS-01 challenge, Error finding zone. Skipping cleanup

himakarpv · May 17, 2019, 10:36pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:mettavisions.com

I ran this command:sudo certbot -a dns-google -i apache -d “*.mettavisions.com” -d mettavisions.com --server https://acme-v02.api.letsencrypt.org/directory

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-google, Installer apache
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for mettavisions.com
dns-01 challenge for mettavisions.com
URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest
URL being requested: GET https://www.googleapis.com/dns/v1/projects/mettavisions/managedZones?dnsName=mettavisions.com.&alt=json
Cleaning up challenges
URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest
URL being requested: GET https://www.googleapis.com/dns/v1/projects/mettavisions/managedZones?dnsName=mettavisions.com.&alt=json
Error finding zone. Skipping cleanup.
URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest
URL being requested: GET https://www.googleapis.com/dns/v1/projects/mettavisions/managedZones?dnsName=mettavisions.com.&alt=json
Error finding zone. Skipping cleanup.
Encountered error finding managed zone: <HttpError 401 when requesting https://www.googleapis.com/dns/v1/projects/mettavisions/managedZones?dnsName=mettavisions.com.&alt=json returned "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.">

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version):Ubuntu 18.04 Bionic

My hosting provider, if applicable, is:GCP

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.31.0

JuergenAuer · May 17, 2019, 10:49pm

Hi @himakarpv

checking your name servers ( https://check-your-website.server-daten.de/?q=mettavisions.com ) you use:

	•  ns-cloud-b1.googledomains.com
	216.239.32.107	•

There is an older topic:

Read the earlier output, the name servers:

rev79.app
	•  ns-cloud-a1.googledomains.com
	216.239.32.106	•

So that domain uses the same name servers:

And the conclusion of that topic from @jmorahan

As I understand it, the dns-google plugin works with Google Cloud DNS, not Google Domains.

I'm not so firm with these Google Cloud DNS solution, ns-cloud-a1.googledomains.com sounds like a Google Cloud DNS.

But the nameservers are the same, so that may be the reason that can't work.

himakarpv · May 17, 2019, 10:58pm

Hi @JuergenAuer ,

Thank you for reply. Yes I have Cloud DNS, and it is common to have googledomains text in the nameserver. Here issue is with authentication, but as I am using Compute Engine it doesn’t require any credentials file, I even assigned the service account to Instance. I am not sure where the issue is !

JuergenAuer · May 17, 2019, 11:02pm

Perhaps check

himakarpv · May 17, 2019, 11:35pm

Tried it but ran to another error :

Failed authorization procedure. mettavisions.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mettavisions.com

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: mettavisions.com
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.mettavisions.com

JuergenAuer · May 18, 2019, 12:10am

That's the main problem, if the dns-google-plugin isn't compatible with your setup.

You can add

--debug-challenges

then Certbot should wait before doing the next step after the plugin has created the TXT entry. So you can recheck your domain and test, if the TXT entry is visible.

himakarpv · May 18, 2019, 6:06am

Thanks bro, it ran without errors, but there is no TXT entry created. When I use “mettavisions.com” in the browser it shows website without https and when I use “https://mettavisions.com” it is landing Ubuntu default page.
May I know what is happening here, why mettavisions.com is not automatically redirecting to https://mettavisions.com or to https://www.mettavisions.com.

Before adding ssl it used to redirect to www.mettavisioins.com when I entered mettavisions.com, this is not happening now with https. What could be the issue?

himakarpv · May 18, 2019, 6:33am

Now https://mettavisions.com is working but how can I redirect http://mettavisions.com to https://

and also I want to redirect everything to https://www.mettavisions.com not to https://mettavisions.com. How is this possible?

himakarpv · May 18, 2019, 7:02am

http://mettavisions.com to https://

I made this working. Now below conditions are working :
mettavisions.com to https://www.mettavisions.com
www.mettavisions.com to https://www.mettavisions.com

but redirecting from https://mettavisions.com to https://www.mettavisions.com is not working. I have these rewrite rules :

RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.mettavisions.com%{REQUEST_URI} [R=301,L,NE]

Where I am wrong ?

system · June 17, 2019, 7:02am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.