DNS-01 pending state stuck

I cannot renew my wildcard cert, because the dns-01 auth/challenge seems broken. Here is the last result: (https://acme-v02.api.letsencrypt.org/acme/authz-v3/14348282498)

Tried multiple times, all stuck/pending on dns-01 auth. I could confirm the http challenge (around 3-4 checks), and it's all okay about http.

I also changed my DNS (after the first two requests), and now it's provided by deSEC. I checked whether the TXT fields are accessible using other tools, and they are all set.

Not sure, but maybe on the LE (your) side, my previous DNS NS is cached and used? Could you please have a check, thanks.

My domain is: yorkee.xyz

I ran this command: using ACME/PJAC java -jar acme_client.jar --command verify-domains -a account.key -w ./workdir -c yorkee.xyz.csr

It produced this output: HTTP challenge valid, dns-01 challenge pending

My web server is (include version): Self-coded, no problem with http/https challenge.

The operating system my web server runs on is (include version): Windows 2019

My hosting provider, if applicable, is: Hetzner

I can login to a root shell on my machine (yes or no, or I don't know): yeah

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): N/A

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): v3.0.1 (ACME/PJAC)

1 Like

If your http challenge is already valid then you need to move on to certificate finalize and download. I don't think (?) you can validate two different challenges for one identifier, it's one or the other.

2 Likes

Resolved.

The problem was about not getting the DNS tokens by ordering the cert, as I explicitly asked, and set to the TXT record. (PJAC doc is broken)

Both HTTP and DNS are required for wildcard, and I got my new cert now, perfect.

1 Like

Great. Your question didn't mention a wildcard, but I see that your linked authz was indeed for a wildcard. DNS validation is required for a wildcard; HTTP validation is not.

3 Likes
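
Added example, not part of the thread and not PJAC code: how an order for a base name plus its wildcard splits into separate authorizations (RFC 8555 object layout), which of them still need work, and how the dns-01 TXT record is derived from the challenge token. The domain example.org, the tokens, the account thumbprint and the helper names are constructed for illustration.

```python
import base64
import hashlib

# Constructed placeholder; a real client uses the RFC 7638 thumbprint of its account key.
THUMBPRINT = "constructed-account-key-thumbprint"

# Constructed authorizations for an order covering example.org and *.example.org.
# Both carry the same identifier value; only the "wildcard" flag tells them apart.
AUTHZS = [
    {"identifier": {"type": "dns", "value": "example.org"}, "status": "valid",
     "challenges": [{"type": "http-01", "status": "valid",
                     "token": "constructed-token-http"}]},
    {"identifier": {"type": "dns", "value": "example.org"}, "status": "pending",
     "wildcard": True,
     "challenges": [{"type": "dns-01", "status": "pending",
                     "token": "constructed-token-dns"}]},
]

def txt_value(token, thumbprint):
    """dns-01 TXT value: unpadded base64url of SHA-256(token + "." + thumbprint)."""
    key_authorization = f"{token}.{thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def pending_work(authzs, thumbprint):
    """List (name, challenge type, TXT record name, TXT value) still to be done."""
    todo = []
    for authz in authzs:
        if authz["status"] == "valid":
            continue  # one valid challenge satisfies the whole authorization
        name = authz["identifier"]["value"]
        label = ("*." if authz.get("wildcard") else "") + name
        offered = {c["type"]: c for c in authz["challenges"]}
        if authz.get("wildcard") and "dns-01" not in offered:
            raise ValueError(f"{label}: wildcard authorization without dns-01")
        challenge = offered.get("dns-01") or next(iter(offered.values()))
        if challenge["type"] == "dns-01":
            # The record name never includes the "*." label.
            record = f"_acme-challenge.{name}"
            todo.append((label, "dns-01", record,
                         txt_value(challenge["token"], thumbprint)))
        else:
            todo.append((label, challenge["type"], None, None))
    return todo

if __name__ == "__main__":
    for item in pending_work(AUTHZS, THUMBPRINT):
        print(item)
```

With the sample data, the base-name authorization is already valid through http-01 and only the wildcard authorization remains, which is the state a client would report as "HTTP valid, dns-01 pending".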