I’ve attempted to use dns-01 authorization and provisioned the record properly (I believe).
I received an error message when I return the challenge that I cannot figure out a solution for:
urn:acme:error:connection DNS problem: SERVFAIL looking up TXT for _acme-challenge.kkv.pl
Testing against acme-staging.api.letsencrypt.org, I can’t figure out what may be the problem boulder has with resolving the record. Obviously I tried with dig against many DNS servers (authoritative, 220.127.116.11, 18.104.22.168, my ISP’s DNS) - they all reply properly.
; <<>> DiG 9.9.5-12.1-Debian <<>> TXT _acme-challenge.kkv.pl @22.214.171.124 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60423 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;_acme-challenge.kkv.pl. IN TXT ;; ANSWER SECTION: _acme-challenge.kkv.pl. 0 IN TXT "enAHY01aoA6gaqiDAdrSeq4o_r7CLBIEzJmBK8O_ugM" ;; Query time: 64 msec ;; SERVER: 126.96.36.199#53(188.8.131.52) ;; WHEN: Sun Jan 31 19:19:30 CET 2016 ;; MSG SIZE rcvd: 107
I’ve experimented with multiple TTLs to make sure LE isn’t getting a cached record: started with 300, then 1, 5 and 10. They all have the same effect.
The record is published now and you should all be able to query it. Thanks in advance for help in troubleshooting that.