At first, I was just trying to get a cert for one of my subdomains running Server 2012 R2. I couldn’t get anything to play nice with IIS (I used win-simple and Certify to no avail) even though I could view the challenge in my browser. I was then informed that the DNS-based challenge has been implemented.
I am currently using https://github.com/Neilpang/le to create the request, as well as implement the TXT records. I have verified the TXT files exist in Cloudflare, as well as through dig:
[root@fedora ~]# dig @8.8.8.8 TXT _acme-challenge.rikairchy.net
; <<>> DiG 9.10.3-P3-RedHat-9.10.3-10.P3.fc23 <<>> @8.8.8.8 TXT _acme-challenge.rikairchy.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40246
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;_acme-challenge.rikairchy.net. IN TXT
;; ANSWER SECTION:
_acme-challenge.rikairchy.net. 299 IN TXT "XB_dujLqddWxbzk9EeW3CLYx5zdf32AOKCFYBzwIvoM"
;; Query time: 42 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Mar 20 02:52:35 EDT 2016
;; MSG SIZE rcvd: 114
But I still receive the following error:
rikairchy.net:Verify error:DNS problem: SERVFAIL looking up TXT for _acme-challenge.rikairchy.netAny ideas why this may be?