DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mypoktnodeblack.chickenkiller.com - check that a DNS record exists for this domain

letsgetthispartystar · April 22, 2022, 2:41pm

deleted due to sensitive content

Osiris · April 22, 2022, 3:52pm

Why do you suspect that?

Also, did you follow the Certbot instructions to the letter? I.e., add the TXT record, checked if it existed et cetera?

letsgetthispartystar · April 22, 2022, 4:37pm

i'm not sure why i think it's the IP addr...i'm not well read in that area so assumed maybe that's the issue.

i did the steps required in the certbot, it didnt ask me for a TXT record, just the domain. How do i get a TXT record?

Osiris · April 22, 2022, 4:44pm

I can see this clearly in the output of Certbot:

Please deploy a DNS TXT record under the name:

_acme-challenge.mypoktnodeblack.chickenkiller.com.

with the following value:

lypau8In5ngXxdrJWAwwI7-GhqQXB6hfnpGGD-bMUiQ

Not sure how it can be missed? Note that the value reported here is a one-time use only, so it most likely will be different each time you run Certbot.

danb35 · April 22, 2022, 5:52pm

So in what part of that do you think you've deployed a DNS record? Because none of what you've posted gives any indication that you've done so.

This is its own problem, but it won't prevent your getting a cert if you're doing DNS mode properly (which as yet you aren't).

letsgetthispartystar · April 22, 2022, 6:09pm

i'm not sure. how do i go about deploying a DNS record?

i thought i did deploye a free DNS using http://freedns.afraid.org. is there another step that's needed?

danb35 · April 22, 2022, 6:33pm

You log into your DNS provider and create a record of type TXT with the correct name and the correct contents.

letsgetthispartystar · April 22, 2022, 6:54pm

so i actually have to use a DNS? using a service like http://freedns.afraid.org isnt possible? i dont see an option to insert a TXT

rg305 · April 22, 2022, 7:11pm

That varies from router to router.
I'd start by asking your ISP.
Then doing a web search on that brand/model.

letsgetthispartystar · April 22, 2022, 7:12pm

resolved! i know what i was doing on my end. i'll update here with what i did. thank you for your help

jamieshah24 · April 29, 2022, 7:24am

I am writing down thoroughly about the DNS problem -

I want to create wildcard SSL for my website via LetsEncrypt . I followed the instruction and after running Certbot , it gives me a DNS challenge and says:

Please deploy a DNS TXT record under the name

_acme-challenge.db.example.com with the following value:
 jn324jr348r342bhr234hrou234nbr4324fj34r

Also db.example.com is inside /etc/bind/ .

What I do is that opened db.example.com and at the bottom line add this:

_acme-challenge.db.example.com 3600 IN TXT "jn324jr348r342bhr234hrou234nbr4324fj34r"

But whe i check it like this:

nslookup -type=TXT _acme-challenge.example.com

It gives me this error:

 - The following errors were reported by the server:                           

   Domain: db.example.com                                                
   Type:   dns                                                                 
   Detail: DNS problem: NXDOMAIN looking up TXT for                            
   _acme-challenge.db.example.com - check that a DNS record              
   exists for this domain                                                      
ubuntu@me-1:/etc/bind$ nslookup -type=TXT _acme-challenge.example.com
Server:         127.0.0.53                                                     
Address:        127.0.0.53#53                                                  

** server can't find _acme-challenge.example.com: NXDOMAIN

And when I run Certbot also get an error:

Some challenges have failed.                                                   

IMPORTANT NOTES:                                                               
 - The following errors were reported by the server:                           

   Domain: db.example.com                                                
   Type:   dns                                                                 
   Detail: DNS problem: NXDOMAIN looking up TXT for                            
   _acme-challenge.db.example.com - check that a DNS record                                           
   exists for this domain

7

Note that in a zone file, names not ending with a dot . are relative, usually to the current domain.

So an entry for _acme-challenge.db.example.com inside the zone for db.example.com . Basically, I am unable to solve this DNS problem on my erp software transformation and related things. Actually means an entry for _acme-challenge.db.example.com.db.example.com.

To make sure you have the right entry, you can either:

Add a dot a the end: _acme-challenge.db.example.com.
Or not include the domain: _acme-challenge

This is based on the zone being for db.example.com , things would be slightly different is the zone were for example.com instead.

Also don't forget to update the serial of the zone (in the SOA record) when you update it, and reload the zone.

This is of course based on the registered name servers for your domain being your own server (and a secondary).

When querying using nslookup or dig you can tell them which server to ask the answer from. Always start by checking your primary, then your secondary, then other servers. And don't forget some types of updates may take a while (especially changes which are subject to TTL of the previous record, and additions subject to the negative cache TTL of the domain).

Hope this solution helps you proeprly.

system · May 29, 2022, 7:25am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.