DNS problem: NXDOMAIN looking up TXT

I’m using acme.sh on my GoDaddy Economy Linux hosting package (no root access). To complicate matters my domain is registered with 1&1.

I’m running acme.sh with:

acme.sh --issue --dns dns_gd -d inviska.com -d www.inviska.com

However, I’m getting the error:

inviska.com:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.inviska.com

Here’s the full --debug output from acme.sh:

inviska@n3plcpnl0027 [~/.acme.sh]$ acme.sh --issue --dns dns_gd -d inviska.com -d www.inviska.com --debug
[Fri Apr 13 22:43:06 MST 2018] Lets find script dir.
[Fri Apr 13 22:43:06 MST 2018] _SCRIPT_='/home/inviska/.acme.sh/acme.sh'
[Fri Apr 13 22:43:06 MST 2018] _script='/home/inviska/.acme.sh/acme.sh'
[Fri Apr 13 22:43:06 MST 2018] _script_home='/home/inviska/.acme.sh'
[Fri Apr 13 22:43:06 MST 2018] Using config home:/home/inviska/.acme.sh
https://github.com/Neilpang/acme.sh
v2.7.9
[Fri Apr 13 22:43:06 MST 2018] _main_domain='inviska.com'
[Fri Apr 13 22:43:06 MST 2018] _alt_domains='www.inviska.com'
[Fri Apr 13 22:43:06 MST 2018] Using config home:/home/inviska/.acme.sh
[Fri Apr 13 22:43:06 MST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Fri Apr 13 22:43:06 MST 2018] DOMAIN_PATH='/home/inviska/.acme.sh/inviska.com'
[Fri Apr 13 22:43:06 MST 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Fri Apr 13 22:43:06 MST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Fri Apr 13 22:43:06 MST 2018] GET
[Fri Apr 13 22:43:06 MST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Fri Apr 13 22:43:06 MST 2018] timeout=
[Fri Apr 13 22:43:06 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:43:06 MST 2018] ret='0'
[Fri Apr 13 22:43:07 MST 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Fri Apr 13 22:43:07 MST 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Fri Apr 13 22:43:07 MST 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Fri Apr 13 22:43:07 MST 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Fri Apr 13 22:43:07 MST 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Fri Apr 13 22:43:07 MST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Fri Apr 13 22:43:07 MST 2018] ACME_NEW_NONCE
[Fri Apr 13 22:43:07 MST 2018] ACME_VERSION
[Fri Apr 13 22:43:07 MST 2018] Le_NextRenewTime
[Fri Apr 13 22:43:07 MST 2018] _on_before_issue
[Fri Apr 13 22:43:07 MST 2018] _chk_main_domain='inviska.com'
[Fri Apr 13 22:43:07 MST 2018] _chk_alt_domains='www.inviska.com'
[Fri Apr 13 22:43:07 MST 2018] Le_LocalAddress
[Fri Apr 13 22:43:07 MST 2018] d='inviska.com'
[Fri Apr 13 22:43:07 MST 2018] Check for domain='inviska.com'
[Fri Apr 13 22:43:07 MST 2018] _currentRoot='dns_gd'
[Fri Apr 13 22:43:07 MST 2018] d='www.inviska.com'
[Fri Apr 13 22:43:07 MST 2018] Check for domain='www.inviska.com'
[Fri Apr 13 22:43:07 MST 2018] _currentRoot='dns_gd'
[Fri Apr 13 22:43:07 MST 2018] d
[Fri Apr 13 22:43:07 MST 2018] _saved_account_key_hash is not changed, skip register account.
[Fri Apr 13 22:43:07 MST 2018] Read key length:
[Fri Apr 13 22:43:07 MST 2018] _createcsr
[Fri Apr 13 22:43:07 MST 2018] Multi domain='DNS:inviska.com,DNS:www.inviska.com'
[Fri Apr 13 22:43:07 MST 2018] Getting domain auth token for each domain
[Fri Apr 13 22:43:07 MST 2018] d='inviska.com'
[Fri Apr 13 22:43:07 MST 2018] Getting webroot for domain='inviska.com'
[Fri Apr 13 22:43:07 MST 2018] _w='dns_gd'
[Fri Apr 13 22:43:07 MST 2018] _currentRoot='dns_gd'
[Fri Apr 13 22:43:07 MST 2018] Getting new-authz for domain='inviska.com'
[Fri Apr 13 22:43:07 MST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Fri Apr 13 22:43:07 MST 2018] Try new-authz for the 0 time.
[Fri Apr 13 22:43:07 MST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Fri Apr 13 22:43:07 MST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "inviska.com"}}'
[Fri Apr 13 22:43:07 MST 2018] RSA key
[Fri Apr 13 22:43:07 MST 2018] GET
[Fri Apr 13 22:43:07 MST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Fri Apr 13 22:43:07 MST 2018] timeout=
[Fri Apr 13 22:43:07 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:43:07 MST 2018] ret='0'
[Fri Apr 13 22:43:07 MST 2018] POST
[Fri Apr 13 22:43:07 MST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Fri Apr 13 22:43:07 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:43:08 MST 2018] _ret='0'
[Fri Apr 13 22:43:08 MST 2018] code='201'
[Fri Apr 13 22:43:08 MST 2018] The new-authz request is ok.
[Fri Apr 13 22:43:08 MST 2018] entry='"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/2CshH5BplO3oL5WnY4fyUM5Cj7HMpAlJN476PIml97k/4214131961","token":"4L4mW7MAH_KcVqzhP3hqtnsErrfUQl09OoqAYzZhZp0"'
[Fri Apr 13 22:43:08 MST 2018] token='4L4mW7MAH_KcVqzhP3hqtnsErrfUQl09OoqAYzZhZp0'
[Fri Apr 13 22:43:08 MST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/2CshH5BplO3oL5WnY4fyUM5Cj7HMpAlJN476PIml97k/4214131961'
[Fri Apr 13 22:43:08 MST 2018] keyauthorization='4L4mW7MAH_KcVqzhP3hqtnsErrfUQl09OoqAYzZhZp0.W1ivMB_eEgMc4wmvkt-XjeKU2EskJvEH7gcp2SdqWh8'
[Fri Apr 13 22:43:08 MST 2018] dvlist='inviska.com#4L4mW7MAH_KcVqzhP3hqtnsErrfUQl09OoqAYzZhZp0.W1ivMB_eEgMc4wmvkt-XjeKU2EskJvEH7gcp2SdqWh8#https://acme-v01.api.letsencrypt.org/acme/challenge/2CshH5BplO3oL5WnY4fyUM5Cj7HMpAlJN476PIml97k/4214131961#dns-01#dns_gd'
[Fri Apr 13 22:43:08 MST 2018] d='www.inviska.com'
[Fri Apr 13 22:43:08 MST 2018] Getting webroot for domain='www.inviska.com'
[Fri Apr 13 22:43:08 MST 2018] _w='dns_gd'
[Fri Apr 13 22:43:08 MST 2018] _currentRoot='dns_gd'
[Fri Apr 13 22:43:08 MST 2018] Getting new-authz for domain='www.inviska.com'
[Fri Apr 13 22:43:08 MST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Fri Apr 13 22:43:08 MST 2018] Try new-authz for the 0 time.
[Fri Apr 13 22:43:08 MST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Fri Apr 13 22:43:08 MST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "www.inviska.com"}}'
[Fri Apr 13 22:43:08 MST 2018] POST
[Fri Apr 13 22:43:08 MST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Fri Apr 13 22:43:08 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:43:09 MST 2018] _ret='0'
[Fri Apr 13 22:43:09 MST 2018] code='201'
[Fri Apr 13 22:43:09 MST 2018] The new-authz request is ok.
[Fri Apr 13 22:43:09 MST 2018] entry='"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/TEcta4MAANbD4QvFaA7qPXFiOXcoxfSupoou0mDtckM/4214132152","token":"oL72K2fBV8bY3F-Re7ljzb7uj8fYiaSsqI-ibrAM1EQ"'
[Fri Apr 13 22:43:09 MST 2018] token='oL72K2fBV8bY3F-Re7ljzb7uj8fYiaSsqI-ibrAM1EQ'
[Fri Apr 13 22:43:09 MST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/TEcta4MAANbD4QvFaA7qPXFiOXcoxfSupoou0mDtckM/4214132152'
[Fri Apr 13 22:43:09 MST 2018] keyauthorization='oL72K2fBV8bY3F-Re7ljzb7uj8fYiaSsqI-ibrAM1EQ.W1ivMB_eEgMc4wmvkt-XjeKU2EskJvEH7gcp2SdqWh8'
[Fri Apr 13 22:43:09 MST 2018] dvlist='www.inviska.com#oL72K2fBV8bY3F-Re7ljzb7uj8fYiaSsqI-ibrAM1EQ.W1ivMB_eEgMc4wmvkt-XjeKU2EskJvEH7gcp2SdqWh8#https://acme-v01.api.letsencrypt.org/acme/challenge/TEcta4MAANbD4QvFaA7qPXFiOXcoxfSupoou0mDtckM/4214132152#dns-01#dns_gd'
[Fri Apr 13 22:43:09 MST 2018] d
[Fri Apr 13 22:43:09 MST 2018] vlist='inviska.com#4L4mW7MAH_KcVqzhP3hqtnsErrfUQl09OoqAYzZhZp0.W1ivMB_eEgMc4wmvkt-XjeKU2EskJvEH7gcp2SdqWh8#https://acme-v01.api.letsencrypt.org/acme/challenge/2CshH5BplO3oL5WnY4fyUM5Cj7HMpAlJN476PIml97k/4214131961#dns-01#dns_gd,www.inviska.com#oL72K2fBV8bY3F-Re7ljzb7uj8fYiaSsqI-ibrAM1EQ.W1ivMB_eEgMc4wmvkt-XjeKU2EskJvEH7gcp2SdqWh8#https://acme-v01.api.letsencrypt.org/acme/challenge/TEcta4MAANbD4QvFaA7qPXFiOXcoxfSupoou0mDtckM/4214132152#dns-01#dns_gd,'
[Fri Apr 13 22:43:09 MST 2018] d='inviska.com'
[Fri Apr 13 22:43:09 MST 2018] _d_alias
[Fri Apr 13 22:43:09 MST 2018] txtdomain='_acme-challenge.inviska.com'
[Fri Apr 13 22:43:09 MST 2018] txt='vPRamQ0RJz_dJbq8Fr0xx6q6YooZd7y95JBhdhvtgIo'
[Fri Apr 13 22:43:09 MST 2018] d_api='/home/inviska/.acme.sh/dnsapi/dns_gd.sh'
[Fri Apr 13 22:43:09 MST 2018] Found domain api file: /home/inviska/.acme.sh/dnsapi/dns_gd.sh
[Fri Apr 13 22:43:09 MST 2018] First detect the root zone
[Fri Apr 13 22:43:09 MST 2018] domains/inviska.com
[Fri Apr 13 22:43:09 MST 2018] GET
[Fri Apr 13 22:43:09 MST 2018] url='https://api.godaddy.com/v1/domains/inviska.com'
[Fri Apr 13 22:43:09 MST 2018] timeout=
[Fri Apr 13 22:43:09 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:43:11 MST 2018] ret='0'
[Fri Apr 13 22:43:11 MST 2018] _sub_domain='_acme-challenge'
[Fri Apr 13 22:43:11 MST 2018] _domain='inviska.com'
[Fri Apr 13 22:43:11 MST 2018] Getting existing records
[Fri Apr 13 22:43:11 MST 2018] domains/inviska.com/records/TXT/_acme-challenge
[Fri Apr 13 22:43:11 MST 2018] GET
[Fri Apr 13 22:43:11 MST 2018] url='https://api.godaddy.com/v1/domains/inviska.com/records/TXT/_acme-challenge'
[Fri Apr 13 22:43:11 MST 2018] timeout=
[Fri Apr 13 22:43:11 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:43:12 MST 2018] ret='0'
[Fri Apr 13 22:43:12 MST 2018] Adding record
[Fri Apr 13 22:43:12 MST 2018] domains/inviska.com/records/TXT/_acme-challenge
[Fri Apr 13 22:43:12 MST 2018] data='[{"data":"vPRamQ0RJz_dJbq8Fr0xx6q6YooZd7y95JBhdhvtgIo"},{"data":"g4VG3gpbQbkUUFotrE3QPW-BNPIRKki32TpM8pRHZ4Q"},{"data":"HAHKKfT9gPcfLhAOxJ3idHGgoBUgbs7TVBkCp8cSFUM"},{"data":"YoXXhg6LDd4gJIK8skWdnt8Au05baeKbzAB41DhqA5Y"}]'
[Fri Apr 13 22:43:12 MST 2018] PUT
[Fri Apr 13 22:43:12 MST 2018] _post_url='https://api.godaddy.com/v1/domains/inviska.com/records/TXT/_acme-challenge'
[Fri Apr 13 22:43:12 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:43:13 MST 2018] _ret='0'
[Fri Apr 13 22:43:13 MST 2018] Added, sleeping 10 seconds
[Fri Apr 13 22:43:24 MST 2018] d='www.inviska.com'
[Fri Apr 13 22:43:24 MST 2018] _d_alias
[Fri Apr 13 22:43:24 MST 2018] txtdomain='_acme-challenge.www.inviska.com'
[Fri Apr 13 22:43:24 MST 2018] txt='ie56OlR026_vD3d6qvVMwLrNktz5QCns9X23kh-dSE0'
[Fri Apr 13 22:43:24 MST 2018] d_api='/home/inviska/.acme.sh/dnsapi/dns_gd.sh'
[Fri Apr 13 22:43:24 MST 2018] Found domain api file: /home/inviska/.acme.sh/dnsapi/dns_gd.sh
[Fri Apr 13 22:43:24 MST 2018] First detect the root zone
[Fri Apr 13 22:43:24 MST 2018] domains/www.inviska.com
[Fri Apr 13 22:43:24 MST 2018] GET
[Fri Apr 13 22:43:24 MST 2018] url='https://api.godaddy.com/v1/domains/www.inviska.com'
[Fri Apr 13 22:43:24 MST 2018] timeout=
[Fri Apr 13 22:43:24 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:43:24 MST 2018] ret='0'
[Fri Apr 13 22:43:24 MST 2018] www.inviska.com not found
[Fri Apr 13 22:43:24 MST 2018] domains/inviska.com
[Fri Apr 13 22:43:24 MST 2018] GET
[Fri Apr 13 22:43:24 MST 2018] url='https://api.godaddy.com/v1/domains/inviska.com'
[Fri Apr 13 22:43:24 MST 2018] timeout=
[Fri Apr 13 22:43:24 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:43:25 MST 2018] ret='0'
[Fri Apr 13 22:43:25 MST 2018] _sub_domain='_acme-challenge.www'
[Fri Apr 13 22:43:25 MST 2018] _domain='inviska.com'
[Fri Apr 13 22:43:25 MST 2018] Getting existing records
[Fri Apr 13 22:43:25 MST 2018] domains/inviska.com/records/TXT/_acme-challenge.www
[Fri Apr 13 22:43:25 MST 2018] GET
[Fri Apr 13 22:43:25 MST 2018] url='https://api.godaddy.com/v1/domains/inviska.com/records/TXT/_acme-challenge.www'
[Fri Apr 13 22:43:25 MST 2018] timeout=
[Fri Apr 13 22:43:25 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:43:25 MST 2018] ret='0'
[Fri Apr 13 22:43:25 MST 2018] Adding record
[Fri Apr 13 22:43:25 MST 2018] domains/inviska.com/records/TXT/_acme-challenge.www
[Fri Apr 13 22:43:25 MST 2018] data='[{"data":"ie56OlR026_vD3d6qvVMwLrNktz5QCns9X23kh-dSE0"},{"data":"O5iakJ5_915guWZnl1qgwkz40QPmVXfjKvnXR93ctDM"},{"data":"SjppaLspa6DVlki1tLPjrAVoNNK6hOdV877nOG43p1U"},{"data":"wiWDv5CHWXPnJK0xo31WiVaH1uTqYxEE15O4EkovKcE"},{"data":"VY566WSjK_5WX6-D_IC_wp8_Mi2RXzMcsAqJ6N-PKNU"},{"data":"-F_pVfP9zh8omQVIDTaPf2xKn_UzJMeIF_k2lHeJvG4"},{"data":"N4rnjaeZqlw3Y3FmNC-tMggRY39s3ZQm-ZPsiRCT6R0"},{"data":"AGJ-IJNtf4pgtGbtYxhWNi1h4alPghEunKMlHS3D69A"}]'
[Fri Apr 13 22:43:25 MST 2018] PUT
[Fri Apr 13 22:43:25 MST 2018] _post_url='https://api.godaddy.com/v1/domains/inviska.com/records/TXT/_acme-challenge.www'
[Fri Apr 13 22:43:25 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:43:26 MST 2018] _ret='0'
[Fri Apr 13 22:43:26 MST 2018] Added, sleeping 10 seconds
[Fri Apr 13 22:43:37 MST 2018] Sleep 120 seconds for the txt records to take effect
[Fri Apr 13 22:45:38 MST 2018] ok, let's start to verify
[Fri Apr 13 22:45:38 MST 2018] Verifying:inviska.com
[Fri Apr 13 22:45:38 MST 2018] d='inviska.com'
[Fri Apr 13 22:45:38 MST 2018] keyauthorization='4L4mW7MAH_KcVqzhP3hqtnsErrfUQl09OoqAYzZhZp0.W1ivMB_eEgMc4wmvkt-XjeKU2EskJvEH7gcp2SdqWh8'
[Fri Apr 13 22:45:38 MST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/2CshH5BplO3oL5WnY4fyUM5Cj7HMpAlJN476PIml97k/4214131961'
[Fri Apr 13 22:45:38 MST 2018] _currentRoot='dns_gd'
[Fri Apr 13 22:45:38 MST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/2CshH5BplO3oL5WnY4fyUM5Cj7HMpAlJN476PIml97k/4214131961'
[Fri Apr 13 22:45:38 MST 2018] payload='{"resource": "challenge", "keyAuthorization": "4L4mW7MAH_KcVqzhP3hqtnsErrfUQl09OoqAYzZhZp0.W1ivMB_eEgMc4wmvkt-XjeKU2EskJvEH7gcp2SdqWh8"}'
[Fri Apr 13 22:45:39 MST 2018] POST
[Fri Apr 13 22:45:39 MST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/2CshH5BplO3oL5WnY4fyUM5Cj7HMpAlJN476PIml97k/4214131961'
[Fri Apr 13 22:45:39 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:45:39 MST 2018] _ret='0'
[Fri Apr 13 22:45:39 MST 2018] code='202'
[Fri Apr 13 22:45:39 MST 2018] sleep 2 secs to verify
[Fri Apr 13 22:45:41 MST 2018] checking
[Fri Apr 13 22:45:41 MST 2018] GET
[Fri Apr 13 22:45:41 MST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/2CshH5BplO3oL5WnY4fyUM5Cj7HMpAlJN476PIml97k/4214131961'
[Fri Apr 13 22:45:41 MST 2018] timeout=
[Fri Apr 13 22:45:42 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:45:42 MST 2018] ret='0'
[Fri Apr 13 22:45:42 MST 2018] inviska.com:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.inviska.com
[Fri Apr 13 22:45:42 MST 2018] Skip for removelevel:
[Fri Apr 13 22:45:42 MST 2018] pid
[Fri Apr 13 22:45:42 MST 2018] No need to restore nginx, skip.
[Fri Apr 13 22:45:42 MST 2018] _clearupdns
[Fri Apr 13 22:45:42 MST 2018] Removing DNS records.
[Fri Apr 13 22:45:42 MST 2018] txt='vPRamQ0RJz_dJbq8Fr0xx6q6YooZd7y95JBhdhvtgIo'
[Fri Apr 13 22:45:42 MST 2018] d_api='/home/inviska/.acme.sh/dnsapi/dns_gd.sh'
[Fri Apr 13 22:45:42 MST 2018] _d_alias
[Fri Apr 13 22:45:42 MST 2018] First detect the root zone
[Fri Apr 13 22:45:42 MST 2018] domains/inviska.com
[Fri Apr 13 22:45:42 MST 2018] GET
[Fri Apr 13 22:45:42 MST 2018] url='https://api.godaddy.com/v1/domains/inviska.com'
[Fri Apr 13 22:45:42 MST 2018] timeout=
[Fri Apr 13 22:45:42 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:45:43 MST 2018] ret='0'
[Fri Apr 13 22:45:43 MST 2018] _sub_domain='_acme-challenge'
[Fri Apr 13 22:45:43 MST 2018] _domain='inviska.com'
[Fri Apr 13 22:45:43 MST 2018] Getting existing records
[Fri Apr 13 22:45:43 MST 2018] domains/inviska.com/records/TXT/_acme-challenge
[Fri Apr 13 22:45:43 MST 2018] GET
[Fri Apr 13 22:45:43 MST 2018] url='https://api.godaddy.com/v1/domains/inviska.com/records/TXT/_acme-challenge'
[Fri Apr 13 22:45:43 MST 2018] timeout=
[Fri Apr 13 22:45:43 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:45:44 MST 2018] ret='0'
[Fri Apr 13 22:45:44 MST 2018] domains/inviska.com/records/TXT/_acme-challenge
[Fri Apr 13 22:45:44 MST 2018] data='[{"data":"g4VG3gpbQbkUUFotrE3QPW-BNPIRKki32TpM8pRHZ4Q"},{"data":"HAHKKfT9gPcfLhAOxJ3idHGgoBUgbs7TVBkCp8cSFUM"},{"data":"YoXXhg6LDd4gJIK8skWdnt8Au05baeKbzAB41DhqA5Y"}]'
[Fri Apr 13 22:45:44 MST 2018] PUT
[Fri Apr 13 22:45:44 MST 2018] _post_url='https://api.godaddy.com/v1/domains/inviska.com/records/TXT/_acme-challenge'
[Fri Apr 13 22:45:44 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:45:45 MST 2018] _ret='0'
[Fri Apr 13 22:45:45 MST 2018] txt='ie56OlR026_vD3d6qvVMwLrNktz5QCns9X23kh-dSE0'
[Fri Apr 13 22:45:45 MST 2018] d_api='/home/inviska/.acme.sh/dnsapi/dns_gd.sh'
[Fri Apr 13 22:45:45 MST 2018] _d_alias
[Fri Apr 13 22:45:45 MST 2018] First detect the root zone
[Fri Apr 13 22:45:45 MST 2018] domains/www.inviska.com
[Fri Apr 13 22:45:45 MST 2018] GET
[Fri Apr 13 22:45:45 MST 2018] url='https://api.godaddy.com/v1/domains/www.inviska.com'
[Fri Apr 13 22:45:45 MST 2018] timeout=
[Fri Apr 13 22:45:45 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:45:46 MST 2018] ret='0'
[Fri Apr 13 22:45:46 MST 2018] www.inviska.com not found
[Fri Apr 13 22:45:46 MST 2018] domains/inviska.com
[Fri Apr 13 22:45:46 MST 2018] GET
[Fri Apr 13 22:45:46 MST 2018] url='https://api.godaddy.com/v1/domains/inviska.com'
[Fri Apr 13 22:45:46 MST 2018] timeout=
[Fri Apr 13 22:45:46 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:45:46 MST 2018] ret='0'
[Fri Apr 13 22:45:46 MST 2018] _sub_domain='_acme-challenge.www'
[Fri Apr 13 22:45:46 MST 2018] _domain='inviska.com'
[Fri Apr 13 22:45:46 MST 2018] Getting existing records
[Fri Apr 13 22:45:46 MST 2018] domains/inviska.com/records/TXT/_acme-challenge.www
[Fri Apr 13 22:45:46 MST 2018] GET
[Fri Apr 13 22:45:46 MST 2018] url='https://api.godaddy.com/v1/domains/inviska.com/records/TXT/_acme-challenge.www'
[Fri Apr 13 22:45:46 MST 2018] timeout=
[Fri Apr 13 22:45:46 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:45:47 MST 2018] ret='0'
[Fri Apr 13 22:45:47 MST 2018] domains/inviska.com/records/TXT/_acme-challenge.www
[Fri Apr 13 22:45:47 MST 2018] data='[{"data":"O5iakJ5_915guWZnl1qgwkz40QPmVXfjKvnXR93ctDM"},{"data":"SjppaLspa6DVlki1tLPjrAVoNNK6hOdV877nOG43p1U"},{"data":"wiWDv5CHWXPnJK0xo31WiVaH1uTqYxEE15O4EkovKcE"},{"data":"VY566WSjK_5WX6-D_IC_wp8_Mi2RXzMcsAqJ6N-PKNU"},{"data":"-F_pVfP9zh8omQVIDTaPf2xKn_UzJMeIF_k2lHeJvG4"},{"data":"N4rnjaeZqlw3Y3FmNC-tMggRY39s3ZQm-ZPsiRCT6R0"},{"data":"AGJ-IJNtf4pgtGbtYxhWNi1h4alPghEunKMlHS3D69A"}]'
[Fri Apr 13 22:45:47 MST 2018] PUT
[Fri Apr 13 22:45:47 MST 2018] _post_url='https://api.godaddy.com/v1/domains/inviska.com/records/TXT/_acme-challenge.www'
[Fri Apr 13 22:45:47 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:45:48 MST 2018] _ret='0'
[Fri Apr 13 22:45:48 MST 2018] _on_issue_err
[Fri Apr 13 22:45:48 MST 2018] Please add '--debug' or '--log' to check more details.
[Fri Apr 13 22:45:48 MST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Fri Apr 13 22:45:48 MST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/2CshH5BplO3oL5WnY4fyUM5Cj7HMpAlJN476PIml97k/4214131961'
[Fri Apr 13 22:45:48 MST 2018] payload='{"resource": "challenge", "keyAuthorization": "4L4mW7MAH_KcVqzhP3hqtnsErrfUQl09OoqAYzZhZp0.W1ivMB_eEgMc4wmvkt-XjeKU2EskJvEH7gcp2SdqWh8"}'
[Fri Apr 13 22:45:48 MST 2018] POST
[Fri Apr 13 22:45:48 MST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/2CshH5BplO3oL5WnY4fyUM5Cj7HMpAlJN476PIml97k/4214131961'
[Fri Apr 13 22:45:48 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:45:49 MST 2018] _ret='0'
[Fri Apr 13 22:45:49 MST 2018] code='400'
[Fri Apr 13 22:45:49 MST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/TEcta4MAANbD4QvFaA7qPXFiOXcoxfSupoou0mDtckM/4214132152'
[Fri Apr 13 22:45:49 MST 2018] payload='{"resource": "challenge", "keyAuthorization": "oL72K2fBV8bY3F-Re7ljzb7uj8fYiaSsqI-ibrAM1EQ.W1ivMB_eEgMc4wmvkt-XjeKU2EskJvEH7gcp2SdqWh8"}'
[Fri Apr 13 22:45:49 MST 2018] POST
[Fri Apr 13 22:45:49 MST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/TEcta4MAANbD4QvFaA7qPXFiOXcoxfSupoou0mDtckM/4214132152'
[Fri Apr 13 22:45:49 MST 2018] _CURL='curl -L --silent --dump-header /home/inviska/.acme.sh/http.header  -g '
[Fri Apr 13 22:45:53 MST 2018] _ret='0'
[Fri Apr 13 22:45:53 MST 2018] code='202'
[Fri Apr 13 22:45:53 MST 2018] Diagnosis versions: 
openssl:openssl
OpenSSL 1.0.1e-fips 11 Feb 2013
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
   bi-address:
      pipe[,<opts>]	groups=FD,FIFO
      <single-address>!!<single-address>
      <single-address>
   single-address:
      <address-head>[,<opts>]
   address-head:
      abstract-client:<filename>	groups=FD,SOCKET,RETRY,UNIX
      abstract-connect:<filename>	groups=FD,SOCKET,RETRY,UNIX
      abstract-listen:<filename>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
      abstract-recv:<filename>	groups=FD,SOCKET,RETRY,UNIX
      abstract-recvfrom:<filename>	groups=FD,SOCKET,CHILD,RETRY,UNIX
      abstract-sendto:<filename>	groups=FD,SOCKET,RETRY,UNIX
      create:<filename>	groups=FD,REG,NAMED
      exec:<command-line>	groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      fd:<num>	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      gopen:<filename>	groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
      interface:<interface>	groups=FD,SOCKET
      ip-datagram:<host>:<protocol>	groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recv:<protocol>	groups=FD,SOCKET,RANGE,IP4,IP6
      ip-recvfrom:<protocol>	groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
      ip-sendto:<host>:<protocol>	groups=FD,SOCKET,IP4,IP6
      ip4-datagram:<host>:<protocol>	groups=FD,SOCKET,RANGE,IP4
      ip4-recv:<protocol>	groups=FD,SOCKET,RANGE,IP4
      ip4-recvfrom:<protocol>	groups=FD,SOCKET,CHILD,RANGE,IP4
      ip4-sendto:<host>:<protocol>	groups=FD,SOCKET,IP4
      ip6-datagram:<host>:<protocol>	groups=FD,SOCKET,RANGE,IP6
      ip6-recv:<protocol>	groups=FD,SOCKET,RANGE,IP6
      ip6-recvfrom:<protocol>	groups=FD,SOCKET,CHILD,RANGE,IP6
      ip6-sendto:<host>:<protocol>	groups=FD,SOCKET,IP6
      open:<filename>	groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
      openssl:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
      openssl-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
      pipe:<filename>	groups=FD,FIFO,NAMED,OPEN
      proxy:<proxy-server>:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
      pty	groups=FD,NAMED,TERMIOS,PTY
      readline	groups=FD,READLINE,TERMIOS
      sctp-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
      sctp-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
      sctp4-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
      sctp4-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
      sctp6-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
      sctp6-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
      socket-connect:<domain>:<protocol>:<remote-address>	groups=FD,SOCKET,CHILD,RETRY
      socket-datagram:<domain>:<type>:<protocol>:<remote-address>	groups=FD,SOCKET,RANGE
      socket-listen:<domain>:<protocol>:<local-address>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
      socket-recv:<domain>:<type>:<protocol>:<local-address>	groups=FD,SOCKET,RANGE
      socket-recvfrom:<domain>:<type>:<protocol>:<local-address>	groups=FD,SOCKET,CHILD,RANGE
      socket-sendto:<domain>:<type>:<protocol>:<remote-address>	groups=FD,SOCKET
      socks4:<socks-server>:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      socks4a:<socks-server>:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
      stderr	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdin	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdio	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      stdout	groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
      system:<shell-command>	groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
      tcp-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
      tcp-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
      tcp4-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
      tcp4-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
      tcp6-connect:<host>:<port>	groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
      tcp6-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
      tun[:<ip-addr>/<bits>]	groups=FD,CHR,NAMED,OPEN,INTERFACE
      udp-connect:<host>:<port>	groups=FD,SOCKET,IP4,IP6,UDP
      udp-datagram:<host>:<port>	groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
      udp-recv:<port>	groups=FD,SOCKET,RANGE,IP4,IP6,UDP
      udp-recvfrom:<port>	groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
      udp-sendto:<host>:<port>	groups=FD,SOCKET,IP4,IP6,UDP
      udp4-connect:<host>:<port>	groups=FD,SOCKET,IP4,UDP
      udp4-datagram:<remote-address>:<port>	groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
      udp4-recv:<port>	groups=FD,SOCKET,RANGE,IP4,UDP
      udp4-recvfrom:<host>:<port>	groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
      udp4-sendto:<host>:<port>	groups=FD,SOCKET,IP4,UDP
      udp6-connect:<host>:<port>	groups=FD,SOCKET,IP6,UDP
      udp6-datagram:<host>:<port>	groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-listen:<port>	groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
      udp6-recv:<port>	groups=FD,SOCKET,RANGE,IP6,UDP
      udp6-recvfrom:<port>	groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
      udp6-sendto:<host>:<port>	groups=FD,SOCKET,IP6,UDP
      unix-client:<filename>	groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-connect:<filename>	groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-listen:<filename>	groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
      unix-recv:<filename>	groups=FD,SOCKET,NAMED,RETRY,UNIX
      unix-recvfrom:<filename>	groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
      unix-sendto:<filename>	groups=FD,SOCKET,NAMED,RETRY,UNIX
inviska@n3plcpnl0027 [~/.acme.sh]$ 

I’ve never had a website and I’m completely clueless about such things. I did try to solve the problem by creating a TXT record in the 1&1 DNS settings, but it asks for four fields and I didn’t know what to enter for value:

Type: TXT
Prefix: _acme-challenge
Name: inviska.com
Value: ???

I don’t really know what I’m doing so I’d be grateful for any advice you can offer.

Hi,

Have you setup the GoDaddy API for acme.sh? (Seems the script is using acme.sh GoDaddy API to update dns)

Thank you

Yes, I generated the keys and ran the two export commands (sorry, I should have mentioned that).

The keys I generated are definitely production keys rather than OTE test keys. When it didn’t work I tried deleting the keys and generating new ones, but unfortunately that didn’t help.

Your domain’s DNS does not appear to be hosted by GoDaddy.

inviska.com.            86356   IN      NS      ns1028.ui-dns.org.
inviska.com.            86356   IN      NS      ns1028.ui-dns.com.
inviska.com.            86356   IN      NS      ns1028.ui-dns.de.
inviska.com.            86356   IN      NS      ns1028.ui-dns.biz.

Looks like maybe 1&1 ? I’m not aware of any ACME client that supports 1&1-hosted zones, acme.sh certainly doesn’t.

@_az. Is right…

Your domain is registered and hosted through 1and1.co.uk. however, since you setup the GoDaddy API, the script is using that API to setup DNS automatically. (Which doesn’t work)

Can you try to remove the acme GoDaddy script?
The script is located in /home/inviska/.acme.sh/dnsapi/dns_gd.sh

Thank you

After deleting dns_g.sh and running acme.sh it now gives me value to use for the TXT record. I created the a TXT record in the 1&1 DNS settings with:

Type: TXT
Prefix: _acme-challenge
Name: inviska.com
Value: Value given by script

I then tried to create another TXT record with the prefix _acme-challenge.www but it says, “You are trying to add this record on the subdomain www.inviska.com that doesn’t exist. Please go to create subdomain.”

I tried rerunning acme.sh with --renew and it does now successfully verify inviska.com but I’m still having trouble with www.inviska.com.

Well, it’s not wrong, www.inviska.com does not exist in DNS.

So you’ll either need to create it or just … not use www. ? What use is having that name on the certificate if it doesn’t resolve to begin with?

I’m a bit confused. Just to recap, after deleting dns_gd.sh and running acme.sh I got this output:

[Fri Apr 13 23:24:20 MST 2018] Can not find dns api hook for: dns_gd
[Fri Apr 13 23:24:20 MST 2018] You need to add the txt record manually.
[Fri Apr 13 23:24:20 MST 2018] Add the following TXT record:
[Fri Apr 13 23:24:20 MST 2018] Domain: '_acme-challenge.inviska.com'
[Fri Apr 13 23:24:20 MST 2018] TXT value: 'h9ISE186YuRlWVnCGx7l0c7S2jaSg02I7nckO6ZOgQs'
[Fri Apr 13 23:24:20 MST 2018] Please be aware that you prepend _acme-challenge. before your domain
[Fri Apr 13 23:24:20 MST 2018] so the resulting subdomain will be: _acme-challenge.inviska.com
[Fri Apr 13 23:24:20 MST 2018] Can not find dns api hook for: dns_gd
[Fri Apr 13 23:24:20 MST 2018] You need to add the txt record manually.
[Fri Apr 13 23:24:20 MST 2018] Add the following TXT record:
[Fri Apr 13 23:24:20 MST 2018] Domain: '_acme-challenge.www.inviska.com'
[Fri Apr 13 23:24:20 MST 2018] TXT value: 'GYzzHZPVYhHO5vljI6h4sk5as9C0BXVLih8S7z3Z9dc'
[Fri Apr 13 23:24:20 MST 2018] Please be aware that you prepend _acme-challenge. before your domain
[Fri Apr 13 23:24:20 MST 2018] so the resulting subdomain will be: _acme-challenge.www.inviska.com
[Fri Apr 13 23:24:20 MST 2018] Please add the TXT records to the domains, and re-run with --renew.

So I created the first TXT record with:

Type: TXT
Prefix: _acme-challenge
Name: inviska.com
Value: h9ISE186YuRlWVnCGx7l0c7S2jaSg02I7nckO6ZOgQs

For the second TXT record I assumed it would be:

Type: TXT
Prefix: _acme-challenge.www
Name: inviska.com
Value: GYzzHZPVYhHO5vljI6h4sk5as9C0BXVLih8S7z3Z9dc

However, that gave me the error: “You are trying to add this record on the subdomain www.inviska.com that doesn’t exist.” I tried created a www subdomain, but that gave me the same error. I deleted the subdomain and tried creating the second TXT record with the prefix as just _acme-challenge. It did allow that, but when I ran acme.sh I got:

inviska@n3plcpnl0027 [~/.acme.sh]$ acme.sh --issue --dns dns_gd -d inviska.com -d www.inviska.com --renew
[Sat Apr 14 00:22:26 MST 2018] Renew: 'inviska.com'
[Sat Apr 14 00:22:26 MST 2018] Multi domain='DNS:inviska.com,DNS:www.inviska.com'
[Sat Apr 14 00:22:26 MST 2018] Getting domain auth token for each domain
[Sat Apr 14 00:22:26 MST 2018] Verifying:inviska.com
[Sat Apr 14 00:22:30 MST 2018] Success
[Sat Apr 14 00:22:30 MST 2018] Verifying:www.inviska.com
[Sat Apr 14 00:22:31 MST 2018] www.inviska.com:Challenge error: {"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: The challenge is not pending.","status": 400}

I’m therefore not sure how to create the TXT record for the www version of the domain.

Sorry for all the trouble. As I say, I’m completely clueless when it comes to this.

You’d have to ask your provider why you can’t create the www subdomain, but since it doesn’t exist anyway, why are you trying to create a certificate for a non-existent domain?

I don’t know :slight_smile: Generally most sites allow you to access them with and without the www. All the examples for acme.sh include both the www and non-www verion, e.g.

acme.sh   --issue   --dns dns_gd   -d aa.com  -d www.aa.com

I actually wasn’t aware that the www was considered a subdomain. I’ll try it without the www version.

I went through the process validating only the inviska.com domain and not the www.inviska.com domain.

As expected, if you visit www.inviska.com now you get the error:

www.inviska.com uses an invalid security certificate.
The certificate is only valid for inviska.com
Error code: SSL_ERROR_BAD_CERT_DOMAIN

So, you definitely need to validate the www domain as well, as shown in the examples. Unfortuntely I still can’t work out how to create the TXT record for the www version.

Do you perhaps need to navigate to the www subdomain and then add an _acme-challenge TXT record to that?

Failing that, just contact 1&1 support.

godaddy chaned it’s api.
please upgrade to the latest of acme.sh, and then try again.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.