DNS TXT validation failing

My domain is: veiling.com.br

I ran this command: sudo certbot certonly --csr /tmp/guest.veiling.com.br.pem --manual --preferred-challenges dns -d guest.veiling.com.br

It produced this output: certbot.errors.FailedChallenges: Failed authorization procedure. guest.veiling.com.br (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.guest.veiling.com.br

My web server is (include version): N/A

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Locaweb

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

I’m trying to get a certificate through DNS validation but it keeps failing. TXT record has been created:

nslookup -q=txt veiling.com.br 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
veiling.com.br  text =

        "v=spf1 include:_spf.locaweb.com.br ?all"
veiling.com.br  text =

        "_acme-challenge.guest.veiling.com.br=7rZVLQXr0Ha8NntQNmJC1uCKU9tG2FZtTBGyuxCMKRw"

i’ve read some DNS related issues in the community but was not able to find anything to solve it. Could you guys shed a light, please?

Hi @csalles

these

are the wrong entries. Checked via https://check-your-website.server-daten.de/?q=veiling.com.br#txt

Your current entries:

You have to add the value

7rZVLQXr0Ha8NntQNmJC1uCKU9tG2FZtTBGyuxCMKRw

in the first red marked place. The second in the second place.

Compare it with a correct version:

Add one entry with ‘_acme-challenge’, there the non-www value.

A second entry with ‘_acme-challenge.www’, there the www value.

2 Likes

I’ve changed the DNS entries accordingly and generated the cert.

Thank you very much for your help!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.