I am in the process of automating our certificate renewals. Many of the servers I’m validating lie behind a firewall and should remain private. In a previous post, I learned that I can validate a domain without opening any ports or IP addresses using the DNS challenge method, but it’s not working.
I ran certbot in manual mode with “certbot-auto -d dw.cameron.edu --manual --preferred-challenges dns certonly.” I added the appropriate DNS entries and tested them. In particular, I checked Google’s DNS at 220.127.116.11 with nslookup to ensure that the TXT record is indeed accessible. It was accessible and correct. Yet, when I pressed enter to follow through to the next step, I got the following error.
Failed authorization procedure. dw.cameron.edu (dns-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.dw.cameron.edu
Can someone tell me what I’m doing wrong?
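An added troubleshooting check, not part of the original post: the ACME server resolves _acme-challenge.<domain> through the zone's authoritative name servers, so a TXT record that is visible through a public recursive resolver can still come back NXDOMAIN from the servers that actually matter. This script (assumes `dig` is installed; the response classifier and the zone walk are my own helpers) asks each authoritative server directly and reports NXDOMAIN, NODATA, FOUND or ERROR per server.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Requires `dig` (dnsutils / bind-utils).

# Classify raw dig output (header + answer section) for a TXT query.
# NXDOMAIN: the name does not exist in the zone at all (the error in the post).
# NODATA:   the name exists but carries no TXT record (often a wrong record type or a stale copy).
# FOUND:    at least one TXT answer line was returned.
classify_txt_answer() {
  local output="$1"
  if printf '%s\n' "$output" | grep -q 'status: NXDOMAIN'; then
    echo NXDOMAIN
  elif printf '%s\n' "$output" | grep -Eq '^[^;].*[[:space:]]IN[[:space:]]+TXT[[:space:]]'; then
    echo FOUND
  elif printf '%s\n' "$output" | grep -q 'status: NOERROR'; then
    echo NODATA
  else
    echo ERROR
  fi
}

# Find the closest enclosing zone that has NS records, then query every
# authoritative server for the challenge name, bypassing any recursive cache.
check_acme_txt() {
  local domain="$1" zone="$1" name ns result rc=0
  name="_acme-challenge.${domain}"
  while [ -z "$(dig +short NS "$zone" 2>/dev/null)" ]; do
    case "$zone" in
      *.*) zone="${zone#*.}" ;;
      *)   echo "no NS records found for ${domain}" >&2; return 2 ;;
    esac
  done
  echo "zone: ${zone}"
  for ns in $(dig +short NS "$zone"); do
    # +noall clears the display, +comments restores the status header, +answer the records.
    result=$(classify_txt_answer "$(dig +noall +comments +answer "@${ns}" TXT "$name")")
    echo "${ns} -> ${result}"
    [ "$result" = FOUND ] || rc=1
  done
  return $rc
}

# Usage: ./check_acme_txt.sh dw.cameron.edu
if [ $# -gt 0 ]; then
  check_acme_txt "$1"
fi
```

A server that answers NXDOMAIN while the public resolver answers FOUND usually means the record was added on a secondary or a hidden master that has not propagated, or in a zone other than the one the authoritative servers actually serve.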