My domain is: I use 3 different domains. For two of them I am able to generate certificates and wildcard certificates. The 3rd one, which is the production domain, always fails. All 3 domains are hosted on eurodns.com
I ran this command: I'm using https://github.com/fszlin/certes to create the DNS tokens and to validate the challenges, so my backend is written in C#. To add the tokens to the zone I'm using the eurodns API. The tokens are deleted after the challenge has been done, independent of the result, whether the challenge was successful or not.
It produced this output: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.domain.com - check that a DNS record exists for this domain
The operating system my web server runs on is (include version): Microsoft Windows Server 2012 R2 Standard
My hosting provider, if applicable, is: eurodns
I can login to a root shell on my machine (yes or no, or I don't know): yes
The problem is quite annoying since there is not really any consistency. Let's call my 3 domains A, B and C. For A and B I have no problem getting certificates, whether normal certificates or wildcard certificates. For domain C, which is the production domain and contains a lot more entries, I'm only rarely able to get a certificate using the automated method described above. If I do the challenge by hand, meaning I let the token be generated, then take it and use the web interface to create the _acme-challenge TXT record, and then let the program do the validation (this is done with breakpoints in the code), I'm able to get the certificate without any problem, but this isn't really helpful since the point is to automate the process.
It might be helpful to note that during the execution of the certificate demand the only thing that changes is the domain name; no other parameters are added or removed, and the execution path does not change.
What else I have tried:
- Waiting up to an hour before doing the validation (Setting a sleep inside the code)
- Check if the record is placed right (It is, since I can get certificates for domains A and B)
- Playing around with the TTL of the record. The problem is that eurodns only allows for a min. TTL of 10 minutes.
- Used a parameter in the eurodns API which is called record refresh. Here is the description of said parameter: How often secondary DNS servers should check if changes are made to the zone
Has anybody run into similar problems?
Best regards,
rsioo
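
A check that fits the automated flow described in the post, as an added example that is not part of the original post or of certes: before asking the CA to validate, ask every authoritative nameserver directly and confirm that each one already serves every expected TXT value (a certificate covering both a base name and its wildcard needs two values at the same `_acme-challenge` name). The nameserver names, key authorizations and the `query` callable are assumptions; plug in a real resolver that queries a given server.

```python
import base64
import hashlib

def dns01_txt_value(key_authorization: str) -> str:
    """RFC 8555 section 8.4: base64url(SHA-256(key authorization)), no padding."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def challenge_name(identifier: str) -> str:
    """'*.example.com' and 'example.com' are both validated at the same name."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".")

def propagation_report(nameservers, name, expected, query):
    """Ask each authoritative server directly; return {ns: status}.

    query(ns, name) is supplied by the caller (assumption): it returns the
    list of TXT strings served by ns, or None when ns answers NXDOMAIN.
    """
    report = {}
    for ns in nameservers:
        served = query(ns, name)
        if served is None:
            report[ns] = "NXDOMAIN"
        else:
            missing = sorted(set(expected) - set(served))
            report[ns] = "OK" if not missing else "MISSING " + ",".join(missing)
    return report

def ready_to_validate(report) -> bool:
    """Only trigger validation when every authoritative server is consistent."""
    return bool(report) and all(s == "OK" for s in report.values())

# Constructed sample data: hypothetical nameservers and key authorizations.
EXPECTED = [dns01_txt_value("tokenA.thumbprint"), dns01_txt_value("tokenB.thumbprint")]
ANSWERS = {
    "ns1.example.net": list(EXPECTED),   # primary has both records
    "ns2.example.net": [EXPECTED[0]],    # secondary has only one of them
    "ns3.example.net": None,             # secondary not yet refreshed
}

def sample_query(ns, name):
    return ANSWERS[ns]

if __name__ == "__main__":
    name = challenge_name("*.example.com")
    report = propagation_report(ANSWERS, name, EXPECTED, sample_query)
    for ns, status in report.items():
        print(f"{ns:18} {name} -> {status}")
    print("safe to trigger validation:", ready_to_validate(report))
```

Polling with this report until `ready_to_validate` is true, instead of a fixed sleep, also shows which nameserver is lagging when validation would otherwise fail with NXDOMAIN.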