DNS challenge workflow

gcrawshaw · August 14, 2025, 7:49pm

When I get the challenge response I take the value in the text field and add it my DNS server as a TXT record for _acme-challenge.FQDN. But the order fails to finalize due to failed verification. Do I have the workflow correct? Thanks.

dig -t txt _acme-challenge.gw.gkc.leostreamvpam.com +short

"8Sw77SNDA56pBKFEDnLoIezvrpfO4hctQtCCInol4aQ.l173mXvPx3vAAtV9mErp40-mBPrSqkj2v9l5NwVndWQ"

Domain gw.gkc.leostreamvpam.com has failed verification (status code 200).
All verifications failed
Connecting to https://acme-v02.api.letsencrypt.org/acme/finalize/2595831206/417897447186
Could not finalize an order.

mcpherrinm · August 14, 2025, 8:09pm

No, the token doesn't go right in DNS. You should go re-read the DNS challenge section of RFC8555 for details on how to compute the final value.

I'd also suggest you test against Pebble locally, which will allow you to introspect the process a bit more.

gcrawshaw · August 14, 2025, 10:52pm

Thank you! Will do.

system · September 13, 2025, 10:53pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
'invalid' status for dns-01 challenge in custom acme-client Help	3	1808	May 21, 2019
Records getting mixed up during verification Client dev	10	159	February 24, 2025
DNS TXT challenge verification Client dev	8	2568	May 30, 2019
Dns-01 challenge failure / wildcard certificate Client dev	3	2221	June 15, 2018
Generate dns-01 TXT challenge with ACME-python Help	11	1804	March 3, 2023

DNS challenge workflow

Related topics