Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. quick-repair.be (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.quick-repair.be
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: quick-repair.be
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.quick-repair.be
I get above error for first challenge itself. I never reached 2nd challenge
My web server is (include version): nginx
The operating system my web server runs on is (include version): ubuntu 16.04 LTS
My hosting provider, if applicable, is: digitalocean
I can login to a root shell on my machine (yes or no, or I don't know): yes
I am afraid I cannot use that. I have erpnext setup. So will have to stick to
sudo ./certbot-auto certonly --manual --preferred-challenges=dns --email hello@appsdevs.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.quick-repair.be
Please help. Thanks!
Did you manully test if the TXT records were actually resolvable from the internet? I.e., by running for example dig +trace _acme-challenge.quick-repair.be. TXT
; <<>> DiG 9.10.3-P4-Ubuntu <<>> +trace _acme-challenge.quick-repair.be.
;; global options: +cmd
. 384102 IN NS k.root-servers.net.
. 384102 IN NS c.root-servers.net.
. 384102 IN NS h.root-servers.net.
. 384102 IN NS l.root-servers.net.
. 384102 IN NS g.root-servers.net.
. 384102 IN NS b.root-servers.net.
. 384102 IN NS i.root-servers.net.
. 384102 IN NS m.root-servers.net.
. 384102 IN NS j.root-servers.net.
. 384102 IN NS f.root-servers.net.
. 384102 IN NS e.root-servers.net.
. 384102 IN NS d.root-servers.net.
. 384102 IN NS a.root-servers.net.
. 518399 IN RRSIG NS 8 0 518400 20180826170000 20180813160000 41656 . UG2eRBIjvPlwaDAlvgWEPmLpnnSDUimVXj0dzEiq9am4lpqBEq/p1s6T 2h6Cu+lcPWFF1nLIVgnuMO00lPPeJWDtdmk2dkCR24Fv5JXS6RZkR72w 6CpHcTdnEnbkD9WqNCKUSSU4n7s/3aZRbv0UK6qnxdLw+6fJ24e+xi69 63Ff3HmQ2C8CvN5ej+0UW0KuAFGuvpiXByxX7ZKdlctsmDXVFha3Whea JLsU917N8yt4WnK5yJjMcoMB/M+m8SKQSnVTUW7kKkQJHz+jd4xxloId SAGbTv6493Dv/jHcrX6wmYDBM9Es7lMgZg3HZmU6y3eY3bRYDgAX0NLy mfk2CQ==
;; Received 525 bytes from 127.0.0.1#53(127.0.0.1) in 38 ms
be. 172800 IN NS b.ns.dns.be.
be. 172800 IN NS a.ns.dns.be.
be. 172800 IN NS x.ns.dns.be.
be. 172800 IN NS d.ns.dns.be.
be. 172800 IN NS y.ns.dns.be.
be. 172800 IN NS c.ns.dns.be.
be. 86400 IN DS 16684 8 1 8BD0806315E077B56D3D0E235727F31D8CB9BF3C
be. 86400 IN DS 16684 8 2 7EF0A483A7A96FCECF3D9067828BAF7F3DF22C3276671C2E88AA4636 FD259F34
be. 86400 IN DS 12664 8 1 59462E9CB5520A36DD248D9DDC4EAA44672A5ED1
be. 86400 IN DS 12664 8 2 75141E9B1188A95A7A855BF47E278A742A5E3F2DDEED8E995D749D48 F2F0E72D
be. 86400 IN RRSIG DS 8 1 86400 20180826170000 20180813160000 41656 . 9BL+xAYObruF6m0NuFzlVYIx0Cg78VbYqO2QOn9GUdrVXn8UfcFZ6p2h U7foNFgc9OitwDMe4rf09dp/WhIn9BLakWqLR5l1Q6wsHvGz1Uhk+uOm SKHRDsZyc6fg6cFpYbbhb4Qnga/72AZT0giSCjrsZTFwltuDHqZK6Nji L1T2NC+gsrSwDzoNRYl0Ul9sxwcszOUGOMDtYIBRdgxzIq2jRJJC5w97 WsE2BDBswoZu03uD5jH8I6idrcLY0KeHwEDXdBsOyA3hnREOuUAegbP7 IGjwn3lWZDTkUYB+HNLPOm2a2m0J8Yvn0wJmxnL/vyXR+gCiCB59ffWH Rma1QA==
;; Received 882 bytes from 192.112.36.4#53(g.root-servers.net) in 297 ms
quick-repair.be. 86400 IN NS ns1.zxcs.nl.
quick-repair.be. 86400 IN NS ns2.zxcs.nl.
quick-repair.be. 86400 IN NS ns3.zxcs.nl.
ba141snrnoe1rc9mddgrest23g657rir.be. 600 IN NSEC3 1 1 5 1A4E9B6C BA175A6M75ITNTD2DO5RIQLCVM45GSMR NS SOA RRSIG DNSKEY NSEC3PARAM TYPE65534
ba141snrnoe1rc9mddgrest23g657rir.be. 600 IN RRSIG NSEC3 8 2 600 20180821234702 20180811231429 12255 be. wEYRzjoXfkBYSD/PWGKEqikG8/Zhi4IjfF00+eGVp4vCm0yVckBiFquN 3/cybzkW2ond075hR6+oySnww7z2+eDt3Tme9vYbzANnnVsB00DXRcXr prwFgJH4tCX5+WYdFnzyq4imiKMtZ4vy2U2K7xPEIo5eYArzl1FUvEDL 9OQ=
nbgoujpcfrj7suj2ns70vuh3v8djvojs.be. 600 IN NSEC3 1 1 5 1A4E9B6C NBHAHRPQJV0JHERFGCPPD0PTETQHUDT9 NS DS RRSIG
nbgoujpcfrj7suj2ns70vuh3v8djvojs.be. 600 IN RRSIG NSEC3 8 2 600 20180820002348 20180809234643 12255 be. fGV9dvVlkr7jGVROJ4Os9p1jDxLHNJApW8VYEHFPLWowTx+m2Dl7xqtC II9DADIJpg6+mg0OVg/Od4bLVPh3ZOlNcGuF77E28Ih4y+8qCHfeNj4s uqpuqT402FlwujsmGKDsaAcXlYb7VeCgdlaiJysxiKk0p1T/ENG33Od/ 29U=
;; Received 646 bytes from 194.0.37.1#53(b.ns.dns.be) in 149 ms
quick-repair.be. 600 IN SOA ns1.zxcs.nl. hostmaster.quick-repair.be. 2018081304 600 3600 1209600 86400
;; Received 118 bytes from 185.104.28.19#53(ns1.zxcs.nl) in 206 ms
Sometimes it takes a few minutes before all of the authoritative name servers are updated. You don’t need to wait for actual propagation or anything, but all of your authoritative name servers need to be serving the new record before you have Let’s Encrypt validate the challenge.
Failed authorization procedure. quick-repair.be (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.quick-repair.be
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: quick-repair.be
Type: None
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.quick-repair.be
Well, now it fails for me again too… So I guess Let’s Encrypt is right.
Did you remove the previous TXT record? And added a new one? It probably takes some to propogate the settings from the control panel to the actual DNS servers… You should try waiting longer and continu with the authorization process in certbot once you can verify the existence of the TXT record yourself with dig.