DNS problem: NXDOMAIN looking up TXT for


#1

Attempted:
certbot certonly -a manual --preferred-challenges dns -d subseasolutions.net -d www.subseasolutions.net

Results:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator manual, Installer None

Obtaining a new certificate

Performing the following challenges:

dns-01 challenge for subseasolutions.net

dns-01 challenge for www.subseasolutions.net


NOTE: The IP of this machine will be publicly logged as having requested this

certificate. If you’re running certbot in manual mode on a machine that is not

your server, please ensure you’re okay with that.

Are you OK with your IP being logged?


(Y)es/(N)o: y


Please deploy a DNS TXT record under the name

_acme-challenge.subseasolutions.net with the following value:

q_Iehior2uERZwrZ-wx5f8lLoX9D9T-Z4BqyIpIZO3g

Before continuing, verify the record is deployed.


Press Enter to Continue


Please deploy a DNS TXT record under the name

_acme-challenge.www.subseasolutions.net with the following value:

8LEBJofPi33j33ExL7tQN8To5kO2iSJg6JQRB0P2m_0

Before continuing, verify the record is deployed.

(This must be set up in addition to the previous challenges; do not remove,

replace, or undo the previous challenge tasks yet. Note that you might be

asked to create multiple distinct TXT records with the same name. This is

permitted by DNS standards.)


Press Enter to Continue

Waiting for verification…

Cleaning up challenges

Failed authorization procedure. subseasolutions.net (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.subseasolutions.net, www.subseasolutions.net (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.subseasolutions.net

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: subseasolutions.net

Type: None

Detail: DNS problem: NXDOMAIN looking up TXT for

_acme-challenge.subseasolutions.net

Domain: www.subseasolutions.net

Type: None

Detail: DNS problem: NXDOMAIN looking up TXT for

_acme-challenge.www.subseasolutions.net

NOTE: I did add the TXT records to the DNS prior to attempting this.
Any help appreciated!


#2

Hi,

Did you enter those records inside your GoDaddy DNS?

Thank you


#3

Hi @glapalomento

I can’t see your txt records:


TXT - Entries

Domainname TXT Entry Status ∑ Queries ∑ Timeout
subseasolutions.net v=spf1 a:dispatch-us.ppe-hosted.com ~all ok 1 0
subseasolutions.net ppe-282374e8a9c2b6e231d3 ok 1 0
www.subseasolutions.net v=spf1 a:dispatch-us.ppe-hosted.com ~all ok 1 0
www.subseasolutions.net ppe-282374e8a9c2b6e231d3 ok 1 0
_acme-challenge.subseasolutions.net Name Error - The domain name does not exist 1 0
_acme-challenge.www.subseasolutions.net Name Error - The domain name does not exist 1 0
_acme-challenge.subseasolutions.net.subseasolutions.net Name Error - The domain name does not exist 1 0
_acme-challenge.www.subseasolutions.net.www.subseasolutions.net Name Error - The domain name does not exist 1 0

You have txt entries. But not the required versions. _acme-challenge.subseasolutions.net and _acme-challenge.www.subseasolutions.net are required.

You didn’t create typical wrong entries (the last two), this is good.


#4

Sorry, but I did enter them but I removed them since trying. I will do it again so you can test. Thank you!


#5

OK, I tried it again and got same results. This time I have left the TXT entries in the Godaddy acct.

Please deploy a DNS TXT record under the name
_acme-challenge.subseasolutions.net with the following value:

XkuohdHqYLDCYxkFBLF7t1jWqCe8EI60a1sSnpARZrU

Before continuing, verify the record is deployed.


Press Enter to Continue


Please deploy a DNS TXT record under the name
_acme-challenge.www.subseasolutions.net with the following value:

sUIQgdUdUrENlG3k897WsMFqchWTf6DNEBF3GLfzLxY

Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)


Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. subseasolutions.net (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.subseasolutions.net, www.subseasolutions.net (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.subseasolutions.net

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: subseasolutions.net
    Type: None
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.subseasolutions.net

    Domain: www.subseasolutions.net
    Type: None
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.www.subseasolutions.net


#6

Now it’s the wrong domain name (using https://check-your-website.server-daten.de/?q=subseasolutions.net ):

TXT - Entries

Domainname TXT Entry Status ∑ Queries ∑ Timeout
subseasolutions.net v=spf1 a:dispatch-us.ppe-hosted.com ~all ok 1 0
subseasolutions.net ppe-282374e8a9c2b6e231d3 ok 1 0
_acme-challenge.subseasolutions.net Name Error - The domain name does not exist 1 0
_acme-challenge.subseasolutions.net.subseasolutions.net XkuohdHqYLDCYxkFBLF7t1jWqCe8EI60a1sSnpARZrU perhaps wrong 1 0

You have created one entry with _acme-challenge.subseasolutions.net.subseasolutions.net.

So your context adds your domain name. So add only _acme-challenge and _acme-challenge.www as domain name.


#7

Oh, wow. I was basically just copying the line and didn’t realize I needed to leave the domain off. Thanks so much. This is now resolved.


#8

You would think that all large scale DNS systems would have logic programed in that can check for such situations; and ask for you to reconfirm.

Are you sure you want to add record: _acme-challenge.subseasolutions.net.subseasolutions.net
[The new record would contain the domain twice]

But hey it’s only (almost) 2019 - machines have not acquired intelligence yet - LOL


closed #9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.