DNS problem: NXDOMAIN looking up TXT


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: immovy.com

I ran this command:

certbot-auto certonly --manual --preferred-challenges=dns --email hello@appsdevs.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d immovy.com -d *.immovy.com

It produced this output:


Please deploy a DNS TXT record under the name
_acme-challenge.immovy.com with the following value:

A72NqG6vcQcPSBe9XLXZBt7bM_QCSs6ytxyE97sYoaY

Before continuing, verify the record is deployed.


Press Enter to Continue


Please deploy a DNS TXT record under the name
_acme-challenge.immovy.com with the following value:

_SPYxhh8k4_oHGJ4DI962L2FSCMumc4-vY5sqlMtrOE

Before continuing, verify the record is deployed.


Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. immovy.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.immovy.com, immovy.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.immovy.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: immovy.com
    Type: None
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.immovy.com

    Domain: immovy.com
    Type: None
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.immovy.com
    There was a problem trying to setup SSL

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu 16.04 LTS

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): dynadot.com

I created two TXT records for _acme-challenge.immovy.com with the values provided by certbot.
Note: the output of the following commands:

dig -t TXT _acme-challenge.immovy.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t TXT _acme-challenge.immovy.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;_acme-challenge.immovy.com. IN TXT

;; AUTHORITY SECTION:
immovy.com. 787 IN SOA ns1.dynadot.com. hostmaster.immovy.com. 1533319441 16384 2048 1048576 2560

;; Query time: 73 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Aug 04 00:04:36 IST 2018
;; MSG SIZE rcvd: 114

host -t txt _acme-challenge.immovy.com

Host _acme-challenge.immovy.com not found: 3(NXDOMAIN)

dig +short A immovy.com and dig +short A www.immovy.com

165.227.175.187

What is incorrect on my side? Please help! Thanks for your time and expert guidance


#2

You have TXT records called “_acme-challenge.immovy.com.immovy.com.”, though they have different values than in the Certbot output above.

_acme-challenge.immovy.com.immovy.com. 300 IN TXT "iMbuIS23c1hS6CVtusQ-Y8daKeW4ypTsCiL0iO96a0Y"
_acme-challenge.immovy.com.immovy.com. 300 IN TXT "CX5Gbx2XLkdy-HSRYvRGDjjLnXqFgYNwFXasC1llw0M"

I don’t know how Dynadot’s control panel works, but if you entered “_acme-challenge.immovy.com”, try “_acme-challenge.immovy.com.” with a trailing “.” or just “_acme-challenge”.

In any case, DNS validation is easiest to use when it can be fully automated. It might be worth switching DNS providers to one that Certbot has a plugin for.
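
The naming mistake diagnosed in reply #2, as an added example that is not part of the original posts: a shell check that tells a correctly placed challenge record from one published under a doubled zone suffix. The function names and the zone-file model of the panel's host field are assumptions; the sample records and token are the ones quoted in this thread.

```bash
#!/usr/bin/env bash
# Added example. Assumption: the panel treats the host field like a zone-file
# relative name, so an entry without a trailing "." gets the zone appended.
published_name() {            # $1 = host field as typed, $2 = zone
  case $1 in
    *.) printf '%s\n' "$1" ;;
    *)  printf '%s.%s.\n' "$1" "${2%.}" ;;
  esac
}

# Read dig answer lines (name ttl class type value) on stdin and print where
# the token was found: ok, wrong-value, doubled-zone or missing.
check_challenge() {           # $1 = zone, $2 = token the CA expects
  local zone token want doubled result name ttl class type value
  zone=${1%.}; token=$2; result=missing
  want="_acme-challenge.$zone."
  doubled="_acme-challenge.$zone.$zone."
  while read -r name ttl class type value; do
    [ "$type" = TXT ] || continue
    value=${value#\"}; value=${value%\"}
    if [ "$name" = "$want" ]; then
      if [ "$value" = "$token" ]; then result=ok; break; fi
      result=wrong-value
    elif [ "$name" = "$doubled" ] && [ "$result" = missing ]; then
      result=doubled-zone
    fi
  done
  printf '%s\n' "$result"
}

# Live input for check_challenge (needs network and dig): ask the zone's own
# nameserver for both names rather than a caching resolver.
live_records() {              # $1 = zone
  local zone ns n
  zone=${1%.}
  ns=$(dig +short NS "$zone" | head -n 1)
  [ -n "$ns" ] || return 1
  for n in "_acme-challenge.$zone" "_acme-challenge.$zone.$zone"; do
    dig +noall +answer TXT "$n" "@$ns"
  done
}

# Records quoted in reply #2, checked against the first token from post #1.
SAMPLE_RECORDS='_acme-challenge.immovy.com.immovy.com. 300 IN TXT "iMbuIS23c1hS6CVtusQ-Y8daKeW4ypTsCiL0iO96a0Y"
_acme-challenge.immovy.com.immovy.com. 300 IN TXT "CX5Gbx2XLkdy-HSRYvRGDjjLnXqFgYNwFXasC1llw0M"'
printf '%s\n' "$SAMPLE_RECORDS" |
  check_challenge immovy.com A72NqG6vcQcPSBe9XLXZBt7bM_QCSs6ytxyE97sYoaY
```

Before pressing Enter at the certbot prompt, `live_records immovy.com | check_challenge immovy.com <token>` should print `ok` for each token certbot asked for.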


#3

Thanks, mnordhoff, for your precise help!

The trailing “.” didn’t work, as Dynadot didn’t allow me to save it. It gave “Subhost ‘_acme-challenge.immovy.com.’ is not in the correct format.”

Hence I went with your other suggestion, i.e. just “_acme-challenge”, and it worked!
Thanks once again!! You may close the topic.

