DNS problem: NXDOMAIN looking up TXT

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:researchfamily.net

I ran this command:sudo certbot certonly --manual --preferred-challenges=dns --email [redacted]@researchfamily.net --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d researchfamily.net

It produced this output:
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: researchfamily.net
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.researchfamily.net - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the manually created DNS TXT records. Ensure that you created these in the correct location, or try waiting longer for DNS propagation on the next attempt.

My web server is (include version):unsure

The operating system my web server runs on is (include version): unsure

My hosting provider, if applicable, is: SHCI

I can login to a root shell on my machine (yes or no, or I don't know): Don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I am using a plesk interface, it is not obsidian but an older version. The php version is out of date and the owner/host must not know how to update it, there are no other versions available. under websites and domains\DNS\ I can see 13 files including CNAME records, MX record and a TXT file _acme-challenge.researchfamily.net with the value that matches the certbot generated text.
.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I have configured these files succesfully in the past but it is always painful, I do not understand why when I run the google admin tool or any other, none of them find the file, is it possible I am in the wrong folder? it would seem unlikely since all these other DNS type records are there.

I don't see many records under that apex domain name. No CNAME or MX. And, I don't see the TXT record in the _acme-challenge subdomain either. Can you provide a link to a tool that does see them? Or a screen snip?

Are you sure you are updating the DNS servers with names of ns.traci.net and ns2.traci.net ? Because those are the authoritative DNS servers for that domain. Maybe your DNS panel is updating a different set of name servers?

3 Likes

The DNS tool did not see any records either. I have my domain registered through godaddy. If I understand it, they point or redirect to the traci DNS servers, I guess, I simply have to determine how I update the Traci servers. BTW a couple weeks ago everything was working except the webservers, it seems wherever the 13 files are stored they are not visible publicly correct?

There is a button that says master/slave which looks like a switch, I have no clue what that does

it says it switches the DNS zone, is that so I can take it down for maintenance?

You may need to ask GoDaddy about that. If their panel was updating the traci DNS servers then we should all be able to see them.

Perhaps the panel you use is updating some GoDaddy DNS that is not configured as your authoritative DNS server?

The https://unboundtest.com site is a good DNS query tool similar to how Let's Encrypt queries DNS (by chasing the authoritative DNS server tree).

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.