DNS problem: NXDOMAIN looking up TXT

Hello Experts,

I’d like to make my domain secure.
After running the command sudo certbot -d esprit.tn --manual --preferred-challenges dns certonly
As output, I got:

saria2019@DESKTOP-1A5EVVH:~$ sudo certbot -d esprit.tn --manual --preferred-challenges dns certonly
[sudo] password for saria2019:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for esprit.tn


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?


(Y)es/(N)o: Y


Please deploy a DNS TXT record under the name
_acme-challenge.esprit.tn with the following value:

0-i_QiKQaxMrgcbEY4n5AvXCn4feSqFc6QXD_CvUjvQ

Before continuing, verify the record is deployed.


Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. esprit.tn (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.esprit.tn

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: esprit.tn
    Type: None
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.esprit.tn

I tried with those command, but didn’t solve my issue.

dig -t TXT _acme-challenge.esprit.tn
dig _acme-challenge.esprit.tn txt
dig +trace _acme-challenge.esprit.tn. TXT

But still got the error.
Could you please tell me what’s missing !.
Thanks in advance.

Hi @saria

there is an older check of your domain, 2,5 hours old - https://check-your-website.server-daten.de/?q=esprit.tn

But there are no TXT entries visible.

So start new. Befor that

recheck your domain to see the TXT records you have created.

Perhaps there are some errors. The tool checks some standard errors.

Hi Sir @JuergenAuer,
Thanks a lot for your quick reply.
That’s exactly what I did.
I even restart my pc. and re-run sudo certbot -d esprit.tn --manual --preferred-challenges dns certonly

Once I run the command dig -t TXT _acme-challenge.esprit.tn or dig _acme-challenge.esprit.tn txt
It produced this output:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t TXT _acme-challenge.esprit.tn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56169
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;_acme-challenge.esprit.tn. IN TXT

;; AUTHORITY SECTION:
esprit.tn. 1799 IN SOA ns.gnet.tn. hebergement.gnet.tn. 2019021300 10800 3600 2592000 86400

;; Query time: 65 msec
;; SERVER: 192.168.3.1#53(192.168.3.1)
;; WHEN: Wed May 22 14:12:28 DST 2019
;; MSG SIZE rcvd: 110

Also, after running the command dig +trace _acme-challenge.esprit.tn. TXT
I got:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> +trace _acme-challenge.esprit.tn. TXT
;; global options: +cmd
. 247744 IN NS m.root-servers.net.
. 247744 IN NS b.root-servers.net.
. 247744 IN NS c.root-servers.net.
. 247744 IN NS d.root-servers.net.
. 247744 IN NS e.root-servers.net.
. 247744 IN NS f.root-servers.net.
. 247744 IN NS g.root-servers.net.
. 247744 IN NS h.root-servers.net.
. 247744 IN NS a.root-servers.net.
. 247744 IN NS i.root-servers.net.
. 247744 IN NS j.root-servers.net.
. 247744 IN NS k.root-servers.net.
. 247744 IN NS l.root-servers.net.
. 247744 IN RRSIG NS 8 0 518400 20190603170000 20190521160000 25266 . BSz9VrHCX++i+JcBEjpybo0e0BaQUqgfHVft98iamX4xoMGKolYB+7Qi RME6J9X3ur8ciHU+MDb78IHTGcbhxhfnd4rNMb7hwKD6hadGuGokoDo8 LLBsnHJI8k4wFIOPQfU7CjcxrbNPhA/J1Zawp7s66ARctBvE5+Zb69Qp oEW6lzWK1ETih7aG1x9/S8o7jfXTXMHFMtsj4tH4MbKte3w+UqSOo3bZ 7Swx9wkSH3kHOAGy1f6Qv3RrcnIeR+szDGkM1jxn4zSG3rZBfhHv3OeG vamWdBxoGkFVDbKIDEQ7BiDQMefom+IN2fv8v88H/VXU9cDxH29riYUi pl13Lw==
;; Received 525 bytes from 192.168.3.1#53(192.168.3.1) in 33 ms

tn. 172800 IN NS ns-tn.afrinic.net.
tn. 172800 IN NS pch.ati.tn.
tn. 172800 IN NS ns2.nic.fr.
tn. 172800 IN NS ns2.ati.tn.
tn. 172800 IN NS rip.psg.com.
tn. 172800 IN NS ns1.ati.tn.
tn. 86400 IN DS 8629 8 2 05C891303FDEE4FDAE258E2A7D48370CE21F98058C0EE0A50C438C28 78A8E2D6
tn. 86400 IN RRSIG DS 8 1 86400 20190604050000 20190522040000 25266 . qDXDKZzA3zSZ6ZrDYcZHrAkJp/j59ktS3PJP+E+4UxijDGFYr5a05XcK Qs4XsBPN9WbBRlKWLTvoMq2i5WmefK1Bb8iJh1eFRGhwQ/m58iB4ybot BXWsVCrVcAtXiHgd33jrwxH051BBQpYldsaksyklbcvuGqw/iLgIcxO2 MmGMBLcVAMrUKsQzklUf/jgCqvoV45nOH21fsmT022v+NqGwss7MWTHl tzI3aUf5mLWjOpHvwI+z9z0xYs8rxeScZhy+SU3FBNWMzT8mIcQAILwR fzEJLYsfDEPQOZfd7iwDrKyMK4DmdC0Ad4BsuYi66u9e0UkSnpFtKI4y DZIIiQ==
;; Received 791 bytes from 192.36.148.17#53(i.root-servers.net) in 58 ms

esprit.tn. 86400 IN NS ns1.gnet.tn.
esprit.tn. 86400 IN NS ns5.gnet.tn.
esprit.tn. 86400 IN NS ns2.gnet.tn.
esprit.tn. 86400 IN NS ns4.gnet.tn.
esprit.tn. 86400 IN NSEC esprit-education.tn. NS RRSIG NSEC
esprit.tn. 86400 IN RRSIG NSEC 8 2 86400 20190601214005 20190517204128 36171 tn. Ln3vFQzSq96Vt2NNazgJyXX8Ige49mIz85kZiywXomuJ8e55x6PV30PR pU9N7GccpmdIyYoz2/brHIXT98OBBIi4MQVkTeseUE6Ocx/Zzbi1mN4l GSJXCSq6gv6ZkI+94VKlEIOgypkte1BxmJpU/5lyviwaUpaywvjb79/0 sR3DuqRS9gnws79jRXiekACupGuSLonOKXXuP2etTXYqknhg2sZlIhrY XxjBnobEAgmrMetI30mZ95eMVLp3XjjAyAMtroq3tgZ0RTs1cCHf4sFZ hi0WQboPwE3tKDoRd1ExFpJJpi9gG5DsU9RdX0p9ECQfasFs9fyvYIWL Cs2pYQ==
;; Received 526 bytes from 41.228.63.62#53(ns2.ati.tn) in 3 ms

esprit.tn. 86400 IN SOA ns.gnet.tn. hebergement.gnet.tn. 2019021300 10800 3600 2592000 86400
;; Received 110 bytes from 193.95.59.22#53(ns2.gnet.tn) in 4 ms

and still no TXT entries !.

Please do it again and use my online tool to recheck your domain.

Creating TXT entries there are some typical errors the tool checks automatic.

Could you try to add a random valued string to the above indicated record name?

Thank you

Did you create them? Because with the command you used, certbot won't do that for you; you need to do it yourself. Kind of an obvious question, but I didn't see in your post where you said you'd done that.

1 Like

Hello Sir,
Sorry about the late.
I use Plesk as cPanel and I added a dns record as diplayed by this picture:

But, when I consult the tool https://check-your-website.server-daten.de/?q=esprit.tn, the record isn’t deployed.

And I got by the end:

Failed authorization procedure. esprit.tn (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.esprit.tn

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: esprit.tn
    Type: None
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.esprit.tn

Could you please tell me what’s missing. Thanks a lot.

The "Domain name" there should just be _acme-challenge; the rest is filled in automatically.

That's the old version, recheck the domain.

Now running - but your menu shows, that the domain is added. So add only

_acme-challenge

as domain name.

Now the recheck is ready - https://check-your-website.server-daten.de/?q=esprit.tn#txt

Looks like your Plesk isn’t the right place.

There is no TXT entry visible.

9. TXT - Entries

Domainname TXT Entry Status ∑ Queries ∑ Timeout
esprit.tn v=spf1 include:_spf.google.com ~all ok 1 0
www.esprit.tn v=spf1 include:_spf.google.com ~all ok 1 0
_acme-challenge.esprit.tn Name Error - The domain name does not exist 1 0
_acme-challenge.www.esprit.tn Name Error - The domain name does not exist 1 0
_acme-challenge.esprit.tn.esprit.tn Name Error - The domain name does not exist 1 0
_acme-challenge.www.esprit.tn.esprit.tn Name Error - The domain name does not exist 1 0
_acme-challenge.www.esprit.tn.www.esprit.tn Name Error - The domain name does not exist 1 0

The tool should see the wrong entry _acme-challenge.esprit.tn.esprit.tn.

Your name servers:

esprit.tn • ns1.gnet.tn / bdns-slv1.in.gnet.tn 193.95.59.21
• ns2.gnet.tn / bdns-slv2.in.gnet.tn 193.95.59.22
• ns4.gnet.tn / kdns-slv1.in.gnet.tn 193.95.57.21
• ns5.gnet.tn / kdns-slv2.in.gnet.tn 193.95.57.22

Looks like your Plesk doesn’t send the TXT entries to your name servers.

Does your Plesk show that Google entry?

v=spf1 include:_spf.google.com ~all

If not, your Plesk is the wrong place.

May be my error is that I have to check the first option SPF Record like that (not the second one):

If not, your Plesk is the wrong place. So, Plesk have to be on the server appropriate to the domain esprit.tn ?

You don't have to create a SPF-record. That's wrong.

The question is: Does your Plesk list the SPF-record check-your-website is seeing? If not, your Plesk is the wrong place.

You have to change yor name server ns1.gnet.tn.

Your local Plesk may be completely irrelevant to change your real dns entries. Where do you manage your domain / the A-entries of your domain?

Ok Sir.
Thanks a lot.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.