DNS problem: NXDOMAIN looking up TXT


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kultdivinitylost.com

I ran this command:
docker run -it --rm --name certbot -v "/data/cert:/etc/letsencrypt" certbot/dns-digitalocean certonly -n --test-cert --agree-tos --email info@helmgast.se --dns-digitalocean --dns-digitalocean-credentials /etc/letsencrypt/digitalocean_token.ini --dns-digitalocean-propagation-seconds 300 -d '*.kultdivinitylost.com'

It produced this output:
Failed authorization procedure. kultdivinitylost.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.kultdivinitylost.com

Above command worked with my other domain *.helmgast.se but not this one, but I can’t see what’s different between them.

If I use dig during this waiting time like below, I can see the record with token:
dig _acme-challenge.kultdivinitylost.com txt @ns1.digitalocean.com

but not if I do:
dig _acme-challenge.kultdivinitylost.com txt

What can be the issue here? Do I need to wait much longer? And isn’t Let’s Encrypt doing the DNS challenge directly to the authoritative nameserver?


Which are dns1.registrar-servers.com. and dns2.registrar-servers.com. by the way :)

But yes, Let’s Encrypt asks the authoritative nameservers.

What do you mean by that?


Never mind… My mobile ISP is messing with my local DNS digger…


Ahh, facepalm. So I apparently had set DNS control to Namecheap (the registrar). The settings were more or less the same on both DNS servers, so I didn’t realise that whatever changes I did on DigitalOcean had no effect on the actual DNS lookup, that was answered from Namecheap.
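
The mismatch found at the end of this thread (TXT records created at DigitalOcean while the zone was delegated to the registrar's nameservers) can be caught before running certbot. The following is an added example, not part of the original posts and not certbot's own code: `ns_mismatches`, `check_delegation` and `SAMPLE_NS` are hypothetical names, and it assumes all of the provider's nameservers share one hostname suffix.

```shell
#!/bin/sh
# Added example: pre-flight delegation check before a DNS-01 plugin run.
# Assumption: the provider's nameservers all end in one suffix given by the caller.

# Constructed sample: the NS names the thread reports for the failing domain.
SAMPLE_NS='dns1.registrar-servers.com.
dns2.registrar-servers.com.'

# ns_mismatches SUFFIX
# Reads NS hostnames on stdin (one per line, as `dig +short NS` prints them)
# and prints each one that is not under SUFFIX. No output means the zone is
# delegated to the expected provider.
ns_mismatches() {
    _suffix=$(printf '%s' "${1%.}" | tr 'A-Z' 'a-z')
    tr 'A-Z' 'a-z' | while IFS= read -r _ns || [ -n "$_ns" ]; do
        _ns=${_ns%.}                      # drop the trailing root dot
        [ -n "$_ns" ] || continue         # skip blank lines
        case "$_ns" in
            "$_suffix"|*."$_suffix") ;;   # served by the expected provider
            *) printf '%s\n' "$_ns" ;;    # served by someone else
        esac
    done
}

# check_delegation ZONE SUFFIX
# Live lookup (needs dig and network access).
# Returns 1 on a mismatch, 2 when no NS records come back at all.
check_delegation() {
    _ns_list=$(dig +short NS "$1")
    [ -n "$_ns_list" ] || { echo "No NS answer for $1" >&2; return 2; }
    _bad=$(printf '%s\n' "$_ns_list" | ns_mismatches "$2")
    if [ -n "$_bad" ]; then
        echo "Zone $1 is delegated outside $2:" >&2
        printf '%s\n' "$_bad" | sed 's/^/  /' >&2
        echo "TXT records created at $2 will not be served for this zone." >&2
        return 1
    fi
    echo "Delegation for $1 matches $2"
}

# Usage: sh check_ns.sh kultdivinitylost.com digitalocean.com
if [ "$#" -ge 2 ]; then
    check_delegation "$1" "$2"
fi
```

Pass the registered zone name, not the wildcard, as the first argument; the check compares what resolvers see as the zone's nameservers with the provider the certbot plugin writes to.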

