Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: bigbay4bestbuys.com
I ran this command and It produced this output:
[root@main ~]# certbot certonly --dry-run --dns-rfc2136 --dns-rfc2136-credentials /vpath to/.credentials.ini -d “*.xxxxxxxxxxxx.com” -d xxxxxxxxxxxx.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-rfc2136, Installer None
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for xxxxxxxxxxxx.com
dns-01 challenge for xxxxxxxxxxxx.com
Cleaning up challenges
Encountered exception during recovery:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/error_handler.py”, line 124, in _call_registered
self.funcs-1
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 220, in _cleanup_challenges
self.auth.cleanup(achalls)
File “/usr/lib/python2.7/site-packages/certbot/plugins/dns_common.py”, line 77, in cleanup
self._cleanup(domain, validation_domain_name, validation)
File “/usr/lib/python2.7/site-packages/certbot_dns_rfc2136/dns_rfc2136.py”, line 79, in _cleanup
self._get_rfc2136_client().del_txt_record(validation_name, validation)
File “/usr/lib/python2.7/site-packages/certbot_dns_rfc2136/dns_rfc2136.py”, line 163, in del_txt_record
.format(e))
PluginError: Encountered error deleting TXT record: The peer didn’t know the key we used
Encountered error adding TXT record: The peer didn’t know the key we used
same output for certbot renew
My web server is (include version): Apache/2.4.41 (codeit) OpenSSL/1.1.1d mod_fcgid/2.3.9 PHP/7.3.12 mod_perl/2.0.11 Perl/v5.16.3
The operating system my web server runs on is (include version): [root@main ~]# cat /etc/centos-release
CentOS Linux release 7.7.1908 (Core)
My hosting provider, if applicable, is: vpsdime
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no - but I have webmin installed
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): [root@main ~]# certbot --version
certbot 0.39.0
This was working but I had to restart named in the middle while waiting for propagation
I am using a cname setup so the challenge does not screw up the main domain file via a side domain _acme challenge
I am running my own dns with bind pointing to googles public servers
This is in the letsencrypt log
2019-11-30 15:19:49,307:DEBUG:certbot_dns_rfc2136.dns_rfc2136:No authoritative SOA record found for _acme-challenge.bigbay4bestbuys.com
2019-11-30 15:19:49,309:DEBUG:certbot_dns_rfc2136.dns_rfc2136:Received authoritative SOA response for bigbay4bestbuys.com
2019-11-30 15:19:49,311:DEBUG:certbot.error_handler:Encountered exception:
The SOA file for the acme challenge is in the var/named/dynamic directory as so binds Centos setup will work as a dynamic dns and Certbot is able to write mkey and mkey.jnl files there (today)
but a rndc sync -clean does not seem to delete the jnl files anymore and a stop and start of named simply resets the time stamp on them
So what has changed ??