Dns challenge not recognized


#1

I tried to get a wildcard certificate and needed the dns challenge. I entered the given text in the _acme-challenge.lucydekruijf.nl TXT record using the service of my domain name service provider. When I retrieve the record it is shown with double quotes around the challenge text. Apparently this is seen not as a proper entry, so the request is ignored.


#2

Hi @freekdk

I get:

nslookup -type=txt _acme-challenge.lucydekruijf.nl.
_acme-challenge.lucydekruijf.nl text =

   "L3X8u_rBk95u1FxTIxtrJnYzrsoxQhSvqeBu5abDnp0"

This is the correct format, if you want a certificate with *.lucydekruijf.nl as domain name.

If you want a certificate with two domain names

*.lucydekruijf.nl lucydekruijf.nl

then you need two of these entries with the same name and different values.


#3

Indeed I got two requests. Did not realize I needed two records. Maybe this should be made more explicit. Something like Enter a second TXT record with the following content.


#4

Hi @freekdk, were you using Certbot? I have a patch to Certbot to provide this hint, but it hasn’t become part of the released version yet. Or were you using some other client software?

It’s helpful to know that people are sometimes getting confused about this issue.


#5

Yes, I was using certbot. Previously I used the http challenge which also asked twice. But there the system is unable to read different values from the same resource, although one can be asked to enter two lines in the acme file.

Anyway, thanks for the prompt answer.


#6

Thanks, this has served as a reminder for me to create

so that I’ll remember to incorporate this functionality into Certbot.

This simply changes the Certbot message when there is more than one domain name to tell users that they should leave all of the previous authentication steps in place when carrying out new ones.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.