DNS Challenge Timeout Despite Text Record Correctly Lodging

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: razor.net.nz

I ran this command:
Cosmos Server integrated ACME challenge, targeting DYNU which hosts my DDNS server and whose nameserver records are attached to my domain name.

It produced this output:

2023-09-19 08:25:09

  • 2023/09/19 08:25:09 [INFO] acme: Registering account for [redacted]@gmail.com*
    2023-09-19 08:25:10
  • 2023/09/19 08:25:10 [INFO] [razor.net.nz, .razor.net.nz] acme: Obtaining bundled SAN certificate
    2023-09-19 08:25:11
  • 2023/09/19 08:25:11 [INFO] [.razor.net.nz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265857463206
    2023-09-19 08:25:11
  • 2023/09/19 08:25:11 [INFO] [razor.net.nz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265857463216*
    2023-09-19 08:25:11
  • 2023/09/19 08:25:11 [INFO] [.razor.net.nz] acme: use dns-01 solver
    2023-09-19 08:25:11
  • 2023/09/19 08:25:11 [INFO] [razor.net.nz] acme: use tls-alpn-01 solver*
    2023-09-19 08:25:11
  • 2023/09/19 08:25:11 [INFO] [.razor.net.nz] acme: Preparing to solve DNS-01
    2023-09-19 08:25:16
  • 2023/09/19 08:25:16 [INFO] [.razor.net.nz] acme: Trying to solve DNS-01
    2023-09-19 08:25:16
  • 2023/09/19 08:25:16 [INFO] [.razor.net.nz] acme: Checking DNS record propagation using [127.0.0.11:53]
    2023-09-19 08:25:26
  • 2023/09/19 08:25:26 [INFO] Wait for propagation [timeout: 3m0s, interval: 10s]*
    2023-09-19 08:25:26
  • 2023/09/19 08:25:26 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:25:36
  • 2023/09/19 08:25:36 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:25:46
  • 2023/09/19 08:25:46 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:25:57
  • 2023/09/19 08:25:57 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:26:07
  • 2023/09/19 08:26:07 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:26:17
  • 2023/09/19 08:26:17 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:26:27
  • 2023/09/19 08:26:27 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:26:37
  • 2023/09/19 08:26:37 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:26:47
  • 2023/09/19 08:26:47 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:26:57
  • 2023/09/19 08:26:57 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:27:07
  • 2023/09/19 08:27:07 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:27:17
  • 2023/09/19 08:27:17 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:27:27
  • 2023/09/19 08:27:27 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:27:37
  • 2023/09/19 08:27:37 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:27:47
  • 2023/09/19 08:27:47 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:27:57
  • 2023/09/19 08:27:57 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:28:07
  • 2023/09/19 08:28:07 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:28:17
  • 2023/09/19 08:28:17 [INFO] [.razor.net.nz] acme: Waiting for DNS record propagation.
    2023-09-19 08:28:27
  • 2023/09/19 08:28:27 [INFO] [razor.net.nz] acme: Trying to solve TLS-ALPN-01*
    2023-09-19 08:28:47
  • 2023/09/19 08:28:47 [INFO] [.razor.net.nz] acme: Cleaning DNS-01 challenge
    2023-09-19 08:28:52
  • 2023/09/19 08:28:52 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265857463206*
    2023-09-19 08:28:53
  • 2023/09/19 08:28:53 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/265857463216*
    2023-09-19 08:28:53
  • 2023/09/19 08:28:53 [ERROR] LETSENCRYPT_OBTAIN : error: one or more domains had a problem:*
    2023-09-19 08:28:53
  • [*.razor.net.nz] propagation: time limit exceeded: last error: NS ns5.dns.net.nz. did not return the expected TXT record [fqdn: _acme-challenge.razor.net.nz., value: _X7lnoicR85iJm9HLD[redacted]]: *
    2023-09-19 08:28:53
  • [razor.net.nz] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 125.238.217.187: Timeout during connect (likely firewall problem)*
    2023-09-19 08:28:53
  • 2023/09/19 08:28:53 [ERROR] Getting TLS certificate. Fallback to previous certificate :*

My web server is (include version):
Cosmos Server 0.9.21

The operating system my web server runs on is (include version):
Debian 12 on a Proxmox VE 8 cluster node

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Cosmos Server 0.9.21

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

As above, I am using Cosmos Server which has an integrated ACME cert generator. The normal SSL cert generation when ports are forwarded works fine, but I am trying to get SSL certs via DNS Challenge without needing to open the ports (given Cosmos is being primarily used as a homelab reverse proxy to internal docker hosts, VMs or Linux containers with set subdomains pointing to the various services).

The API integration into DYNU works fine and the text record is being correctly set, per below:

However, I get a timeout per the entry in the original post, and I'm completely stumped since as near as I can tell the entire process should be working fine.

Any idea where I'm going wrong? Any help or suggestions appreciated.
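A triage helper for output like the log above, added here as an example; it is not part of the original post and not Cosmos Server code. It extracts the resolver used for the propagation check, the nameserver that did not return the TXT record, and the ACME error, then builds a `dig` query that repeats the same lookup against that nameserver. The names `triage` and `repro_commands` are hypothetical, and the sample lines are adapted from the post with the TXT value replaced by a placeholder.

```python
import re

# Sample lines adapted from the log in the post above (list markup stripped,
# TXT value replaced with a placeholder); constructed for this example.
SAMPLE = """\
2023/09/19 08:25:16 [INFO] [.razor.net.nz] acme: Checking DNS record propagation using [127.0.0.11:53]
[*.razor.net.nz] propagation: time limit exceeded: last error: NS ns5.dns.net.nz. did not return the expected TXT record [fqdn: _acme-challenge.razor.net.nz., value: REDACTED]:
[razor.net.nz] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 125.238.217.187: Timeout during connect (likely firewall problem)
"""

RESOLVER = re.compile(r"Checking DNS record propagation using \[([^\]]+)\]")
NS_FAIL = re.compile(r"NS (\S+) did not return the expected TXT record "
                     r"\[fqdn: (\S+), value: ([^\]]+)\]")
ACME_ERR = re.compile(r"\[([^\]]+)\] acme: error: (\d+) :: (urn:\S+) :: (.*)")


def triage(log_text):
    """Collect the resolver used for propagation checks and each failure."""
    out = {"resolvers": [], "dns01_failures": [], "acme_errors": []}
    for line in log_text.splitlines():
        if m := RESOLVER.search(line):
            if m.group(1) not in out["resolvers"]:
                out["resolvers"].append(m.group(1))
        if m := NS_FAIL.search(line):
            out["dns01_failures"].append(
                {"ns": m.group(1), "fqdn": m.group(2), "value": m.group(3)})
        if m := ACME_ERR.search(line):
            out["acme_errors"].append(
                {"domain": m.group(1), "status": int(m.group(2)),
                 "type": m.group(3), "detail": m.group(4).strip()})
    return out


def repro_commands(summary):
    """dig queries that repeat the client's check against each reported NS."""
    return [f"dig +norecurse +short TXT {f['fqdn']} @{f['ns']}"
            for f in summary["dns01_failures"]]


if __name__ == "__main__":
    s = triage(SAMPLE)
    print(s)
    print("\n".join(repro_commands(s)))
```

Comparing the nameserver named in the failure with the nameservers the domain is actually delegated to shows whether the client checked the zone where the record was created.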

Hello @BlackrazorNZ, welcome to the Let's Encrypt community.

I do not know the

But here is a link that may be of help.

Kindly wait to see if there are more knowledgeable Let's Encrypt community volunteers willing to assist.
