At first, I was just trying to get a cert for one of my subdomains running Server 2012 R2. I couldn’t get anything to play nice with IIS (I used win-simple and Certify to no avail) even though I could view the challenge in my browser. I was then informed that the DNS-based challenge has been implemented.
I am currently using https://github.com/Neilpang/le to create the request, as well as implement the TXT records. I have verified the TXT files exist in Cloudflare, as well as through dig:
    [root@fedora ~]# dig @18.104.22.168 TXT _acme-challenge.rikairchy.net
    ; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> @22.214.171.124 TXT _acme-challenge.rikairchy.net
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40246
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;_acme-challenge.rikairchy.net. IN TXT
    ;; ANSWER SECTION:
    _acme-challenge.rikairchy.net. 299 IN TXT "XB_dujLqddWxbzk9EeW3CLYx5zdf32AOKCFYBzwIvoM"
    ;; Query time: 42 msec
    ;; SERVER: 126.96.36.199#53(188.8.131.52)
    ;; WHEN: Sun Mar 20 02:52:35 EDT 2016
    ;; MSG SIZE rcvd: 114
But I still receive the following error:
rikairchy.net:Verify error:DNS problem: SERVFAIL looking up TXT for _acme-challenge.rikairchy.net
Any ideas why this may be?