DNS problem: NXDOMAIN looking up TXT


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kultdivinitylost.com

I ran this command:
docker run -it --rm --name certbot -v “/data/cert:/etc/letsencrypt” certbot/dns-digitalocean certonly -n --test-cert --agree-tos --email info@helmgast.se --dns-digitalocean --dns-digitalocean-credentials /etc/letsencrypt/digitalocean_token.ini --dns-digitalocean-propagation-seconds 300 -d ‘*.kultdivinitylost.com’

It produced this output:
Failed authorization procedure. kultdivinitylost.com (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.kultdivinitylost.com


Above command worked with my other domain *.helmgast.se but not this one, but I can’t see what’s different between them.

If I use dig during this waiting time like below, I can see the record with token:
dig _acme-challenge.kultdivinitylost.com txt @ns1.digitalocean.com

but not if I do:
dig _acme-challenge.kultdivinitylost.com txt

What can be the issue here? Do I need to wait much longer? And isn’t Let’s Encrypt doing the DNS challenge directly to the authoritative nameserver?


#3

Which are dns1.registrar-servers.com. and dns2.registrar-servers.com. by the way :slight_smile:

But yes, Let’s Encrypt asks the authoritive nameservers.

What do you mean by that?


#4

Nevermind… My mobile ISP is messing with my local DNS digger…


#5

Ahh, facepalm. So I apparently had set DNS control to Namecheap (the registrar). The settings where more or less the same on both DNS servers so didn’t realise that whatever changes I did on DigitalOcean had no effect on the actual DNS lookup, that was answered from Namecheap.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.