deleted due to sensitive content
Why do you suspect that?
Also, did you follow the Certbot instructions to the letter? I.e., add the TXT record, check if it existed, et cetera?
I'm not sure why I think it's the IP addr... I'm not well read in that area so assumed maybe that's the issue.
I did the steps required in Certbot; it didn't ask me for a TXT record, just the domain. How do I get a TXT record?
I can see this clearly in the output of Certbot:
Please deploy a DNS TXT record under the name: _acme-challenge.mypoktnodeblack.chickenkiller.com. with the following value: lypau8In5ngXxdrJWAwwI7-GhqQXB6hfnpGGD-bMUiQ
Not sure how it can be missed? Note that the value reported here is a one-time use only, so it most likely will be different each time you run Certbot.
So in what part of that do you think you've deployed a DNS record? Because none of what you've posted gives any indication that you've done so.
This is its own problem, but it won't prevent your getting a cert if you're doing DNS mode properly (which as yet you aren't).
I'm not sure. How do I go about deploying a DNS record?
I thought I did deploy a free DNS using http://freedns.afraid.org. Is there another step that's needed?
You log into your DNS provider and create a record of type TXT with the correct name and the correct contents.
So I actually have to use a DNS? Using a service like http://freedns.afraid.org isn't possible? I don't see an option to insert a TXT
That varies from router to router.
I'd start by asking your ISP.
Then doing a web search on that brand/model.
Resolved! I know what I was doing on my end. I'll update here with what I did. Thank you for your help
I am writing down thoroughly about the DNS problem -
I want to create wildcard SSL for my website via LetsEncrypt. I followed the instruction and after running Certbot, it gives me a DNS challenge and says:
Please deploy a DNS TXT record under the name _acme-challenge.db.example.com with the following value: jn324jr348r342bhr234hrou234nbr4324fj34r
Also db.example.com is inside
What I did was open db.example.com and add this at the bottom line:
_acme-challenge.db.example.com 3600 IN TXT "jn324jr348r342bhr234hrou234nbr4324fj34r"
But when I check it like this:
nslookup -type=TXT _acme-challenge.example.com
It gives me this error:
- The following errors were reported by the server:
Domain: db.example.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.db.example.com - check that a DNS record exists for this domain
ubuntu@me-1:/etc/bind$ nslookup -type=TXT _acme-challenge.example.com
Server: 127.0.0.53
Address: 127.0.0.53#53
** server can't find _acme-challenge.example.com: NXDOMAIN
And when I run Certbot also get an error:
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: db.example.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.db.example.com - check that a DNS record exists for this domain
Note that in a zone file, names not ending with a dot (.) are relative, usually to the current domain.
So an entry for _acme-challenge.db.example.com inside the zone for db.example.com. Basically, I am unable to solve this DNS problem on my erp software transformation and related things. Actually means an entry for
To make sure you have the right entry, you can either:
- Add a dot at the end:
- Or not include the domain:
This is based on the zone being for db.example.com, things would be slightly different if the zone were for
Also don't forget to update the serial of the zone (in the SOA record) when you update it, and reload the zone.
This is of course based on the registered name servers for your domain being your own server (and a secondary).
When querying using dig you can tell them which server to ask the answer from. Always start by checking your primary, then your secondary, then other servers. And don't forget some types of updates may take a while (especially changes which are subject to TTL of the previous record, and additions subject to the negative cache TTL of the domain).
Hope this solution helps you properly.
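An added example, not part of the original thread and not code from Certbot or BIND: a small Python check that expands zone-file owner names the way the post above describes (no trailing dot means the zone origin is appended) and reports whether the name an ACME server queries actually carries the challenge value. The token and zone fragments are constructed placeholders, the function names are hypothetical, and the parser only understands single-line TXT records.

```python
import re

# owner, then TTL and/or class in either order, then one quoted TXT string
TXT_LINE = re.compile(r'^(\S+)\s+(?:(?:\d+|IN)\s+)*TXT\s+"([^"]*)"', re.I)


def absolute_owner(owner, origin):
    """Expand a zone-file owner name the way RFC 1035 section 5.1 describes."""
    origin = origin.rstrip(".").lower() + "."
    if owner == "@":
        return origin
    if owner.endswith("."):              # trailing dot: already absolute
        return owner.lower()
    return owner.lower() + "." + origin  # no trailing dot: origin is appended


def published_txt(zone_text, origin):
    """Return {absolute owner: [TXT values]} for a simple zone fragment."""
    records = {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # strip comments (tokens hold no ';')
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        match = TXT_LINE.match(line)
        if match:
            name = absolute_owner(match.group(1), origin)
            records.setdefault(name, []).append(match.group(2))
    return records


def challenge_status(zone_text, origin, domain, token):
    """Return (ok, name the CA queries, names that actually carry the token)."""
    wanted = "_acme-challenge." + domain.rstrip(".").lower() + "."
    records = published_txt(zone_text, origin)
    found_at = sorted(n for n, vals in records.items() if token in vals)
    return wanted in found_at, wanted, found_at


# Constructed sample data: placeholder token, zone origin db.example.com.
TOKEN = "constructed-challenge-token"
BROKEN = f'_acme-challenge.db.example.com 3600 IN TXT "{TOKEN}"'
WITH_DOT = f'_acme-challenge.db.example.com. 3600 IN TXT "{TOKEN}"'
RELATIVE = f'_acme-challenge 3600 IN TXT "{TOKEN}"'

if __name__ == "__main__":
    for label, zone in [("broken", BROKEN), ("dot", WITH_DOT), ("relative", RELATIVE)]:
        print(label, challenge_status(zone, "db.example.com", "db.example.com", TOKEN))
```

For the entry without a trailing dot, the third element of the result shows where the record really ended up, which is why the validation lookup returns NXDOMAIN.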