DNS Challenge Failing while generating SSL certs

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *.zor.np.aella.tech

I ran this command:
certbot certonly -d "zor.np.aella.tech" -d "*.zor.np.aella.tech" --dns-route53 \
--logs-dir $HOME/aella-nonprod/letsencrypt/log/ \
--config-dir $HOME/aella-nonprod/letsencrypt/config/ \
--work-dir $HOME/aella-nonprod/letsencrypt/work/ \
-m platformservices@scbtechx.io \
--agree-tos \
--non-interactive \
--server https://acme-v02.api.letsencrypt.org/directory --force-renew --account 00b35da5fe206d69a5468e65f6f5f5bf

It produced this output:
Requesting a certificate for zor.np.aella.tech and *.zor.np.aella.tech
Performing the following challenges:
dns-01 challenge for zor.np.aella.tech
dns-01 challenge for zor.np.aella.tech
Waiting for verification...
Challenge failed for domain zor.np.aella.tech
Challenge failed for domain zor.np.aella.tech
dns-01 challenge for zor.np.aella.tech
dns-01 challenge for zor.np.aella.tech
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: zor.np.aella.tech
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.zor.np.aella.tech - check that a DNS record exists
    for this domain

    Domain: zor.np.aella.tech
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.zor.np.aella.tech - check that a DNS record exists
    for this domain

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.11.0

aella.tech is a parked domain on GoDaddy,
and I don't think either zor.np.aella.tech or np.aella.tech has a public nameserver for that zone.
You need to have a public name server you control to use the DNS challenge.


So, we used the same command to generate certs for other domains successfully, some of them are listed below:
*.lps.np.aella.tech
*.mpoc.np.aella.tech
*.ota.np.aella.tech

This is the usual process we follow for every domain to generate SSL certs, but the command has been failing since last week at the dns-01 challenge (for *.zor.np.aella.tech).

Your domain used Amazon Route53's nameservers up until 12 days ago. Since then, it has used GoDaddy:

If you want your command to keep working, you need to go back to Route53. Otherwise, you need to use a GoDaddy DNS plugin, such as this or this.

Check also whether your domain expired and you forgot to renew it, because the change happened suspiciously close to your domain renewal date.

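A pre-flight check for the situation described in the reply above, added here as an example (not code from the thread or from certbot): it walks up from `_acme-challenge.<domain>` to the closest delegated zone and reports which provider's nameservers serve it, so a delegation change away from Route 53 is caught before running `certbot --dns-route53`. The DNS lookup is injected so the script runs offline on a constructed view of the thread's records; for a live check, pass a wrapper around dnspython's `dns.resolver.resolve` (assumed installed) that returns the rdata as strings.

```python
import re
from typing import Callable, Dict, List, Optional, Tuple

# (name, rrtype) -> rdata strings, or [] when the name/type does not exist
Lookup = Callable[[str, str], List[str]]
ROUTE53 = re.compile(r"\.awsdns-\d+\.(com|net|org|co\.uk)$")
GODADDY = re.compile(r"\.domaincontrol\.com$")

def find_zone(name: str, lookup: Lookup) -> Tuple[Optional[str], List[str]]:
    """Walk up the labels of NAME until a name with an NS RRset is found."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        ns = lookup(zone, "NS")
        if ns:
            return zone, sorted(h.rstrip(".").lower() for h in ns)
    return None, []

def classify(nameservers: List[str]) -> str:
    """Name the DNS provider from the nameserver hostnames (Route 53 / GoDaddy / other)."""
    if nameservers and all(ROUTE53.search(h) for h in nameservers):
        return "route53"
    if nameservers and all(GODADDY.search(h) for h in nameservers):
        return "godaddy"
    return "other"

def preflight(domain: str, lookup: Lookup) -> Dict[str, object]:
    """Report where the dns-01 TXT record would land and whether --dns-route53 can write it."""
    base = domain[2:] if domain.startswith("*.") else domain
    challenge = "_acme-challenge." + base
    zone, ns = find_zone(challenge, lookup)
    provider = classify(ns)
    return {
        "challenge": challenge,
        "zone": zone,
        "nameservers": ns,
        "provider": provider,
        "txt_present": bool(lookup(challenge, "TXT")),  # leftover record from a failed run?
        "route53_ok": provider == "route53",
    }

# Constructed offline view of the thread: aella.tech delegated to GoDaddy
# nameservers (hostnames are illustrative), no sub-zone and no TXT record.
CONSTRUCTED_RECORDS = {
    ("aella.tech", "NS"): ["ns45.domaincontrol.com.", "ns46.domaincontrol.com."],
}

def constructed_lookup(name: str, rrtype: str) -> List[str]:
    return CONSTRUCTED_RECORDS.get((name, rrtype), [])
```

With the constructed records, `preflight("*.zor.np.aella.tech", constructed_lookup)` reports zone `aella.tech`, provider `godaddy` and `route53_ok: False`, which is exactly why the Route 53 plugin's TXT record is never seen by Let's Encrypt.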

Please don't use this option if you don't know its purpose. It will NOT suddenly make a previously failing validation attempt magically pass.

Maybe the domain has been sniped and currently isn't 'owned' by OP? That would be unfortunate.

