DNS Challenge Issues


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: yless4u.com.au

I ran this command:
./certbot-auto -d mail.yless4u.com.au --manual --preferred-challenges dns certonly

It produced this output:
_acme-challenge.mail.yless4u.com.au IN TXT "V8r9EMOAs2D9WW00NYONEbS4NPQ_vW6dFn95ja2onqk"

My web server is (include version):

The operating system my web server runs on is (include version): CentOS6

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes all from CLI

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Nothing I do will make this work.
I get the following error all the time…
Failed authorization procedure. mail.yless4u.com.au (dns-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mail.yless4u.com.au


#2

Hi @jagman2020,

I just replied to you in IRC as well: it doesn’t seem like your authoritative DNS servers have that record from here.

I recommend double-checking that you’re creating the record correctly and that your DNS provider is making sure it gets set up.


#3

I have checked and can post the relevant file… It has worked previously… Not sure why not now…

$TTL 1H
@ IN SOA ns.yless4u.com.au. admin.yless4u.com.au. (
2018031509 ; serial
15m ; refresh
15m ; update retry
30d ; expiry
2h ; nxdomain ttl
)

            IN      NS      ns.yless4u.com.au.
            IN      NS      ns2.yless4u.com.au.
            IN      NS      ns3.ozlabs.org.
            IN      NS      ns4.ozlabs.org.

            IN      MX      10 mx1.yless4u.com.au.
            IN      MX      20 mx6.yless4u.com.au.
            IN      MX      30 mx2.yless4u.com.au.
            IN      MX      40 mx3.yless4u.com.au.
            IN      MX      50 mx4.yless4u.com.au.
            IN      MX      60 mx5.yless4u.com.au.

            IN      A       103.22.144.4
            IN      TXT     "v=spf1 ip4:202.55.153.3 mx ~all"
            IN      TXT     "google-site-verification=e9NQ46uRK4QYO3oVUMChPm-Spe9oGzKe0FZu81zgB28"

he IN NS ns1.he.net.
IN NS ns2.he.net.
IN NS ns3.he.net.
IN NS ns4.he.net.
IN NS ns5.he.net.

; 202.55.153.0

gw1-old IN A 202.55.153.1

mail IN A 202.55.153.3
IN TXT "v=spf1 a -all"
IN TXT "Jason09"
IN TXT "V8r9EMOAs2D9WW00NYONEbS4NPQ_vW6dFn95ja2onqk"
_acme-challenge.mail.yless4u.com.au IN TXT "V8r9EMOAs2D9WW00NYONEbS4NPQ_vW6dFn95ja2onqk"
_acme.challenge.mail IN TXT "test"

imap IN CNAME mail
pop IN CNAME mail
smtp IN CNAME mail

oldweb IN A 202.55.153.4

mx1 IN A 202.55.153.11

mx2 IN A 202.55.153.12


#4

As I said, you need to use “_acme-challenge.mail” or “_acme-challenge.mail.yless4u.com.au.”, like with the "test" record that exists now.

Delete the “_acme-challenge.mail.yless4u.com.au” record, run Certbot again, and change “test” to the new value Certbot gives.


#5

Thanks… it was the dot at the end that had me stuffed… Thanks a bunch… Wish I asked 8 hours ago.
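
The fix in this thread comes down to how a zone file expands owner names: a name without a trailing dot is relative and gets the zone origin appended. The Python sketch below is an added example, not part of the original posts; it expands owner names the same way and flags the doubled origin. Its simplified one-record-per-line parser and the placeholder TXT value are assumptions, while the origin and record names are taken from the thread.

```python
# Added example. Simplified parser: one record per line, owner in column 0,
# a single fixed origin. ORIGIN and the record names come from the thread;
# the TXT value is a constructed placeholder.
ORIGIN = "yless4u.com.au"
BROKEN_ZONE = '''\
$TTL 1H
mail IN A 202.55.153.3
_acme-challenge.mail.yless4u.com.au IN TXT "constructed-token"
'''
# Same record with the trailing dot that makes the owner name absolute.
FIXED_ZONE = BROKEN_ZONE.replace("com.au IN TXT", "com.au. IN TXT")


def expand_owner(owner, origin):
    """Return the fully qualified name an owner field resolves to."""
    origin = origin.rstrip(".").lower() + "."
    owner = owner.lower()
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner                # absolute: used exactly as written
    return owner + "." + origin     # relative: the origin is appended


def audit_zone(zone_text, origin):
    """Return (line_no, fqdn, is_txt, doubled) for each line with an owner."""
    bare = origin.rstrip(".").lower()
    rows = []
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0]             # drop trailing comments
        if not line.strip() or line[0].isspace() or line[0] == "$":
            continue                # blank, inherited owner, or directive
        fields = line.split()
        owner = fields[0].lower()
        is_txt = "TXT" in (f.upper() for f in fields[1:4])
        # A relative owner that already ends in the origin gets it twice.
        doubled = not owner.endswith(".") and (
            owner == bare or owner.endswith("." + bare))
        rows.append((line_no, expand_owner(owner, origin), is_txt, doubled))
    return rows


def challenge_published(zone_text, origin, hostname):
    """True if the zone holds a TXT record at _acme-challenge.<hostname>."""
    wanted = "_acme-challenge." + hostname.rstrip(".").lower() + "."
    return any(fqdn == wanted and is_txt
               for _, fqdn, is_txt, _ in audit_zone(zone_text, origin))


if __name__ == "__main__":
    for row in audit_zone(BROKEN_ZONE, ORIGIN):
        print(row)
```

Running the audit against a zone file before reloading the name server shows whether the challenge record will sit at the name the validation server looks up, which is the NXDOMAIN condition reported in the first post.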

