DNS Provider Not Allowing TXT Records to Be Submitted Correctly - LetsEncrypt Validation Doesn't Pass

Please fill out the fields below so we can help you better.

My domain is: mjva.burff.com

I ran this command: certbot -d mjva.burff.com --manual --preferred-challenges dns certonly

It produced this output: Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mjva.burff.com

My operating system is (include version): centos 7.3

My web server is (include version): httpd-2.4.6-45.el7.centos.x86_64

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I am in a root shell and added the TXT record in my DNS server, noip.com,
and I ran the following command:
dig -t txt mjva.burff.com
and received this:
mjva.burff.com. 359 IN TXT "_acme-challenge.mjva.burff.com J1kBfoT3qkHgFnKPYpLBeUSyIkWW31dHKx17OPmsFSI"
I change the record every time that I try to validate via DNS, but every time I receive the same error.
I am using the DNS challenge because my provider doesn’t allow use of port 80 or 443.

The contents of the value of the TXT record only has to be the token. Just those “random” letters. The _acme-challenge part is the field which has to prepend your hostname. As in: _acme-challenge + mjva.burff.com = _acme-challenge.mjva.burff.com.

You already have a TXT record for the _acme-challenge.mjva.burff.com hostname:

_acme-challenge.mjva.burff.com.	360 IN	TXT	"_acme-challenge.mjva.burff.com TKx91zLSw-5pKksK211lRasjV0FVqVj7NwJO2unIYgs"

But you’ve (also) got (from your post):

mjva.burff.com.		360	IN	TXT	"_acme-challenge.mjva.burff.com TKx91zLSw-5pKksK211lRasjV0FVqVj7NwJO2unIYgs"

Which leads me to believe you’ve got some kind of wildcard TXT record set up. That shouldn’t be necessary, you only need to have a TXT record for _acme-challenge.mjva.burff.com.

So now you’ve got:

mjva.burff.com.		360	IN	TXT	"_acme-challenge.mjva.burff.com TKx91zLSw-5pKksK211lRasjV0FVqVj7NwJO2unIYgs"

(not used)

and

_acme-challenge.mjva.burff.com.	360 IN	TXT	"_acme-challenge.mjva.burff.com TKx91zLSw-5pKksK211lRasjV0FVqVj7NwJO2unIYgs"

(the correct hostname, but the incorrect value of the TXT record)

Which should be:

_acme-challenge.mjva.burff.com.	360 IN	TXT	"TKx91zLSw-5pKksK211lRasjV0FVqVj7NwJO2unIYgs"

Does this help you further?
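An added example, not part of the original posts: a small Python check that reads dig-style answer lines and labels each TXT record the way the reply above does (wrong name, hostname pasted into the value, or correct). The function names, status labels and sample text are constructed for illustration; the sample reuses the records quoted in this thread.

```python
import re

# A DNS-01 value is the base64url SHA-256 digest of the key authorization
# (RFC 8555): exactly 43 characters from this alphabet and nothing else.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{43}")
ANSWER_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+TXT\s+(.+)$", re.IGNORECASE)

# Constructed sample: dig-style answer lines built from the records in the thread.
SAMPLE = '''
;; ANSWER SECTION:
mjva.burff.com. 360 IN TXT "_acme-challenge.mjva.burff.com TKx91zLSw-5pKksK211lRasjV0FVqVj7NwJO2unIYgs"
_acme-challenge.mjva.burff.com. 360 IN TXT "_acme-challenge.mjva.burff.com TKx91zLSw-5pKksK211lRasjV0FVqVj7NwJO2unIYgs"
'''

def parse_txt(dig_output):
    """Return (owner, value) pairs from dig answer lines; other lines are skipped."""
    records = []
    for line in dig_output.splitlines():
        m = ANSWER_RE.match(line.strip())
        if m:
            # TXT rdata may be split into several quoted strings; join them.
            value = "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', m.group(2)))
            records.append((m.group(1).lower(), value))
    return records

def check_challenge(domain, records):
    """Label each TXT record by how DNS-01 validation for `domain` would see it."""
    wanted = "_acme-challenge." + domain.rstrip(".").lower() + "."
    findings = []
    for owner, value in records:
        if owner != wanted:
            # Only the _acme-challenge name is queried; flag challenge data elsewhere.
            if "_acme-challenge" in value or TOKEN_RE.fullmatch(value):
                findings.append((owner, "wrong-name"))
        elif TOKEN_RE.fullmatch(value):
            findings.append((owner, "ok"))
        elif value.startswith("_acme-challenge") and TOKEN_RE.fullmatch(value.split()[-1]):
            findings.append((owner, "name-in-value"))
        else:
            findings.append((owner, "bad-value"))
    if not any(owner == wanted for owner, _ in records):
        findings.append((wanted, "missing"))  # validation would see no TXT here
    return findings

if __name__ == "__main__":
    for owner, status in check_challenge("mjva.burff.com", parse_txt(SAMPLE)):
        print(f"{status:14} {owner}")
```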

I tried to create _acme-challenge.mjva.burff.com. but I can’t; I opened a ticket for help with the DNS.
Thanks for your help.

Some DNS providers do have trouble with names like this, but you can assure them that it’s fully permitted by Internet standards and already used by some other Internet protocols!

hi @burffegqt

as @Osiris pointed out a TXT DNS entry should look like

To verify it, run nslookup -q=TXT name of challenge

As I said, there already is a _acme-challenge.mjva.burff.com hostname, but just not with the correct contents.

Perhaps you can do exactly as you did before, but now with the correct value of the TXT record (i.e., without the _acme-challenge in the value of the record).
