Domain dataconsole.hosting.xero.com not validating

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

We prevalidated this domain with DNS checks, but when we try to retrieve the certificate, we get the answer back from LE that this domain is still “Awaiting”

My domain is:
dataconsole.hosting.xero.com
I ran this command:
dig -t TXT _acme-challenge.dataconsole.hosting.xero.com.

It produced this output:
;; ANSWER SECTION:

_acme-challenge.dataconsole.hosting.xero.com. 60 IN TXT “8CwyOU_Xk1rx_QhOuj6F5OxXeE4IE5sx9qZeq7Jl1Y8”

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

“Awaiting” doesn’t have any meaning in the ACME protocol. What ACME client are you using?

A DNS challenge might be “pending”, in which case the ACME client needs to tell the server to check the challenge.

Or the challenge might be “processing”, in which case the ACME client needs to wait for the server to finish checking the challenge, at which point it will transition to “valid” or “invalid”.

If you have ACME client logs, or an order URL we can look at, that would be useful to identify what is happening.

Hi @tiday

that’s not a typical error message from Letsencrypt. That’s an unknown message from your client.

What client do you use? Is there an update? ACME-v1 or v2?

PS: Your TXT entry looks good - https://check-your-website.server-daten.de/?q=dataconsole.hosting.xero.com

Is this URL you are requesting?
https://acme-v01.api.letsencrypt.org/acme/authz-v3/3303986267

That’s the authorization URL. I was looking for the order URL (contains /acme/order/).

But, from the authorization URL, we can see that the domain validation did complete successfully (status “valid”). So there was nothing wrong with the validation process or your TXT record.

At this stage, your ACME client should finalize the order, which would result in the certificate being issued. If you can find the order URL, we can check what the status of that process is.

Thanks for your help. I forced our client to retry and this time it successfully retrieved the certificate.