DNS Challenge Issues

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: yless4u.com.au

I ran this command:
./certbot-auto -d mail.yless4u.com.au --manual --preferred-challenges dns certonly

It produced this output:
_acme-challenge.mail.yless4u.com.au IN TXT “V8r9EMOAs2D9WW00NYONEbS4NPQ_vW6dFn95ja2onqk”

My web server is (include version):

The operating system my web server runs on is (include version): CentOS6

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes all from CLI

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Nothing I do will make this work.
I get the following error all the time…
Failed authorization procedure. mail.yless4u.com.au (dns-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mail.yless4u.com.au

Hi @jagman2020,

I just replied to you in IRC as well: it doesn’t seem like your authoritative DNS servers have that record from here.

I recommend double-checking that you’re creating the record correctly and that your DNS provider is making sure it gets set up.

I have checked and can post the relevant file… It has worked previously… Not sure why not now…

@ IN SOA ns.yless4u.com.au. admin.yless4u.com.au. (
2018031509 ; serial
15m ; refresh
15m ; update retry
30d ; expiry
2h ; nxdomain ttl

            IN      NS      ns.yless4u.com.au.
            IN      NS      ns2.yless4u.com.au.
            IN      NS      ns3.ozlabs.org.
            IN      NS      ns4.ozlabs.org.

            IN      MX      10 mx1.yless4u.com.au.
            IN      MX      20 mx6.yless4u.com.au.
            IN      MX      30 mx2.yless4u.com.au.
            IN      MX      40 mx3.yless4u.com.au.
            IN      MX      50 mx4.yless4u.com.au.
            IN      MX      60 mx5.yless4u.com.au.

            IN      A
            IN      TXT     "v=spf1 ip4: mx ~all"
            IN      TXT     "google-site-verification=e9NQ46uRK4QYO3oVUMChPm-Spe9oGzKe0FZu81zgB28"

he          IN      NS      ns1.he.net.
            IN      NS      ns2.he.net.
            IN      NS      ns3.he.net.
            IN      NS      ns4.he.net.
            IN      NS      ns5.he.net.


gw1-old IN A

mail        IN      A
            IN      TXT     "v=spf1 a -all"
            IN      TXT     "Jason09"
            IN      TXT     “V8r9EMOAs2D9WW00NYONEbS4NPQ_vW6dFn95ja2onqk”
_acme-challenge.mail.yless4u.com.au IN TXT “V8r9EMOAs2D9WW00NYONEbS4NPQ_vW6dFn95ja2onqk”
_acme.challenge.mail IN TXT “test”

imap IN CNAME mail
pop IN CNAME mail
smtp IN CNAME mail

oldweb IN A

mx1 IN A

mx2 IN A

As I said, you need to use “_acme-challenge.mail” or “_acme-challenge.mail.yless4u.com.au.”, like with the "test" record that exists now.

Delete the “_acme-challenge.mail.yless4u.com.au” record, run Certbot again, and change “test” to the new value Certbot gives.

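The naming rule behind the fix above, as an added example that is not part of the original thread: a zone-file owner name without a trailing dot is relative, so the zone name is appended to it. The function names, the `TOKEN` value and the `192.0.2.10` address are constructed for illustration, and the parser assumes simple `owner IN TYPE rdata` lines with no TTL field and no semicolons inside quoted data.

```python
# Added example: how a BIND-style zone file expands owner names.
# ORIGIN and record names are from the thread; TOKEN and 192.0.2.10 are constructed.
ORIGIN = "yless4u.com.au."
BROKEN = ('mail IN A 192.0.2.10\n'
          '_acme-challenge.mail.yless4u.com.au IN TXT "TOKEN"\n')
FIXED_RELATIVE = '_acme-challenge.mail IN TXT "TOKEN"\n'
FIXED_ABSOLUTE = '_acme-challenge.mail.yless4u.com.au. IN TXT "TOKEN"\n'

def expand_owner(owner, origin=ORIGIN):
    """Fully qualify an owner field: '@' is the origin, a trailing dot means
    absolute, anything else is relative and gets the origin appended."""
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else owner + "." + origin

def parse_zone(text, origin=ORIGIN):
    """Return (fqdn, rtype, rdata, doubled) per record. 'doubled' flags a
    relative owner that already ends in the zone name (missing final dot)."""
    records, owner = [], "@"
    bare = "." + origin.rstrip(".").lower()
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if not raw[0].isspace():                # owner names start in column 0
            owner, fields = fields[0], fields[1:]
        if fields and fields[0].upper() == "IN":
            fields = fields[1:]
        if not fields:
            continue
        doubled = (not owner.endswith(".")
                   and ("." + owner.lower()).endswith(bare))
        records.append((expand_owner(owner, origin), fields[0].upper(),
                        " ".join(fields[1:]), doubled))
    return records

def txt_lookup(text, qname, origin=ORIGIN):
    """TXT values served for qname, or None when no such record exists."""
    qname = qname.rstrip(".").lower() + "."
    hits = [rdata.strip('"') for fqdn, rtype, rdata, _ in parse_zone(text, origin)
            if rtype == "TXT" and fqdn.lower() == qname]
    return hits or None

if __name__ == "__main__":
    for label, zone in [("broken", BROKEN), ("relative", FIXED_RELATIVE),
                        ("absolute", FIXED_ABSOLUTE)]:
        print(label, txt_lookup(zone, "_acme-challenge.mail.yless4u.com.au"))
```

With the `BROKEN` data the lookup finds nothing, which corresponds to the NXDOMAIN in the error above, because the record actually lives at `_acme-challenge.mail.yless4u.com.au.yless4u.com.au.`.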

Thanks… it was the dot at the end that had me stuffed… Thanks a bunch… Wish I asked 8 hours ago
