DNS problem: NXDOMAIN looking up TXT: Azure plugin, manual plugin

Hi,
Can you please help me with certificate generation?

I'm trying to generate a * certificate for my Azure app using the Posh-ACME utility.
I created a DNS zone for testing first, with the domain: spuffingbot.com

I tried a few variations of commands, both with the manual plugin and the Azure plugin.
New-PACertificate 'spuffingbot.com' -Contact '.com'
New-PACertificate www.spuffingbot.com -Contact '.com'

PS C:\WINDOWS\system32> $pArgs = @{
    AZSubscriptionId = $subscriptionID
    AZTenantId = $tenantID
    AZAppCred = $appCred
}
New-PACertificate 'SpuffingBot.com','*.SpuffingBot.com' -verbose -Plugin Azure -PluginArgs $pArgs -DnsSleep 500

Here is the error message that I'm getting:
Submit-ChallengeValidation : Authorization invalid for spuffingbot.com: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.spuffingbot.com - check that a DNS record exists for this domain
At C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\4.19.0\Public\New-PACertificate.ps1:253 char:9
+         Submit-ChallengeValidation
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Authorization i...for this domain:String) [Submit-ChallengeValidation], RuntimeException
    + FullyQualifiedErrorId : Authorization invalid for spuffingbot.com: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.spuffingbot.com - check that a DNS record exists for this domain,Submit-ChallengeValidation

Also I tried to debug, and here is failed validation message that I got:
{
  "status": "invalid",
  "expires": "2023-09-25T23:59:42Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "spuffingbot.com"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/8369206794"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/118556394/11019577794"
}

I am seeing TXT records created on the DNS zone (and tried to create them manually) and they are reachable via dig or nslookup, every time.

I'm on a Windows 10 machine; the DNS zone is created on Azure.

I'm probably missing something, please let me know if any more information is needed. Thx.

Is there a TXT record in place right now? Because I don't see one using https://unboundtest.com, which uses the authoritative DNS servers like Let's Encrypt servers would.

https://unboundtest.com/m/TXT/_acme-challenge.spuffingbot.com/P2ONNUZT

5 Likes

No, it's deleted right now. I think the problem is in my hosting; it looks like my domain isn't in the public domain register, and that is the issue. I need to fix that. Thanks for the help.

1 Like
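
A pre-flight check for the situation in this thread, as an added example (not code from the posters or from Posh-ACME): it asks a public resolver whether the domain is delegated at all and whether that delegation points at the Azure zone's name servers, then looks for the challenge TXT record. The function name, its parameters and the sample name servers are assumptions; `Resolve-DnsName` is the built-in Windows cmdlet.

```powershell
# Added example: delegation check to run before a DNS-01 order.
# Function name, parameters and sample name servers are illustrative.
function Test-AcmeDnsDelegation {
    param(
        [Parameter(Mandatory)] [string]   $Domain,
        # Name servers Azure assigned to the zone (shown on the zone's overview)
        [Parameter(Mandatory)] [string[]] $ZoneNameServers,
        # Public recursive resolver, so the lookup walks down from the root as the CA's does
        [string] $Resolver = '1.1.1.1'
    )
    $norm = { param($n) $n.TrimEnd('.').ToLowerInvariant() }

    # 1. Does the public DNS tree know the domain at all? NXDOMAIN lands in the catch.
    try {
        $ns = Resolve-DnsName -Name $Domain -Type NS -Server $Resolver -DnsOnly -ErrorAction Stop |
              Where-Object { $_.Type -eq 'NS' } | ForEach-Object { & $norm $_.NameHost }
    } catch {
        return "FAIL: $Domain does not resolve publicly ($($_.Exception.Message)). Check registration and delegation."
    }
    if (-not $ns) { return "FAIL: $Resolver returned no NS records for $Domain." }

    # 2. Is it delegated to the zone the plugin writes to?
    $expected = $ZoneNameServers | ForEach-Object { & $norm $_ }
    $missing  = $expected | Where-Object { $_ -notin $ns }
    if ($missing) {
        return "FAIL: public delegation [$($ns -join ', ')] lacks zone name servers [$($missing -join ', ')]."
    }

    # 3. Is the challenge TXT visible from outside? Only meaningful while an order is pending.
    $name = "_acme-challenge.$Domain"
    try {
        $txt = Resolve-DnsName -Name $name -Type TXT -Server $Resolver -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'TXT' }
    } catch { $txt = $null }
    if ($txt) { return "OK: delegation matches and $name has $(@($txt).Count) TXT record(s)." }
    return "OK: delegation matches; $name has no TXT record right now."
}

# Constructed sample name servers; replace with the ones shown for your own zone.
Test-AcmeDnsDelegation -Domain 'spuffingbot.com' -ZoneNameServers @(
    'ns1-01.azure-dns.com', 'ns2-01.azure-dns.net', 'ns3-01.azure-dns.org', 'ns4-01.azure-dns.info')
```

A failure at step 1 or 2 means the records the plugin creates in the Azure zone are not reachable through public resolution, even when querying the zone's own name servers directly returns them.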
