Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: pruebasaxptek.com
I ran this command: sudo certbot certonly --dns-rfc2136 --dns-rfc2136-credentials /etc/bind/certbot-credentials.ini -d 'pruebasaxptek.com' -d '*.pruebasaxptek.com'
It produced this output:
Requesting a certificate for pruebasaxptek.com and *.pruebasaxptek.com
Waiting 60 seconds for DNS changes to propagate
Certbot failed to authenticate some domains (authenticator: dns-rfc2136). The Certificate Authority reported these problems:
Domain: pruebasaxptek.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.pruebasaxptek.com - check that a DNS record exists for this domain
Domain: pruebasaxptek.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.pruebasaxptek.com - check that a DNS record exists for this domain
Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-rfc2136. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-rfc2136-propagation-seconds (currently 60 seconds).
My web server is (include version):apache
ubuntu server 20
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0
What's the problem?
I don't know if it's even possible, but bear with me and what I'm trying to do. I have an Apache server running on 10.0.0.5. I have a virtualhost and added a made-up domain called "pruebasaxptek.com". Everything works fine; now I want to add the certificate, but every time I try to do so I keep getting an error from certbot, so I decided to install BIND9. I configured it as I was reading from other people. So basically, I have this:
"root@axpteksvr:/etc/bind# cat db.pruebasaxptek.com
;
; BIND data file for pruebasaxptek.com
;
$TTL 86400
@ IN SOA axpteksvr.pruebasaxptek.com. admin.pruebasaxptek.com. (
2022032601 ; Serial
3600 ; Refresh
1800 ; Retry
604800 ; Expire
86400 ) ; Minimum TTL
; Name servers
@ IN NS axpteksvr.pruebasaxptek.com.
; A records
axpteksvr IN A 10.0.0.5
www IN A 10.0.0.5
; MX record
@ IN MX 10 mail.pruebasaxptek.com.
; Mail server
mail IN A 10.0.0.5
; TXT record
@ IN TXT "Welcome to pruebasaxptek.com"
root@axpteksvr:/etc/bind#" as my BIND dns server
Next I have this: "root@axpteksvr:/etc/bind# cat certbot-credentials.ini
# Target DNS server
dns_rfc2136_server = 10.0.0.5
# Target DNS port
dns_rfc2136_port = 53
# TSIG key name
dns_rfc2136_name = certbot.
# TSIG key secret
dns_rfc2136_secret = 1Sbkw3/ICx6mZYrN2j4V/L1tasA//VGmhlVY61QfWljfUUJGgqHZY2aXpGljPVT+1o8aws0cWaZMyggIL/jj+A==
# TSIG key algorithm
dns_rfc2136_algorithm = HMAC-SHA512"
I also have this: "root@axpteksvr:/etc/bind# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, BEFORE you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.certbot";"
and I have this: "root@axpteksvr:/etc/bind# cat named.conf.certbot
key "certbot." {
    algorithm hmac-sha512;
    secret "1Sbkw3/ICx6mZYrN2j4V/L1tasA//VGmhlVY61QfWljfUUJGgqHZY2aXpGljPVT+1o8aws0cWaZMyggIL/jj+A==";
};
zone "_acme-challenge.pruebasaxptek.com" {
    type master;
    file "/var/lib/bind/db.example.com";
    allow-query { any; };
    update-policy {
        grant certbot. name _acme-challenge.pruebasaxptek.com. txt;
    };
};
"
and this: "root@axpteksvr:/etc/bind# cat named.conf.local
//
// Do any local configuration here
zone "pruebasaxptek.com" {
    type master;
    file "/etc/bind/db.pruebasaxptek.com";
};
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";"
which I think is not even being used, because I have this other one
"omar@axpteksvr:/var/lib/bind$ cat db.example.com
$ORIGIN .
$TTL 300 ; 5 minutes
_acme-challenge.example.com IN SOA axpteksvr.pruebasaxptek.com. admin.pruebasaxptek.com. (
                                2022032601 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      axpteksvr.pruebasaxptek.com.
$TTL 60 ; 1 minute
                        TXT     "rYPft_CCsLLpJsI2kaoA3pPuOq-BcOY4q14E9Yldi6k"
"
in another file with another db name lol, but it works I guess...
SO YEAH... that's pretty much what I think is important. The deal here is that I want to use certbot locally with bind9. Please guide me, I can't resolve it anymore.
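
A consistency check over the files shown in the post, added here as an example that is not part of the original post: it compares each zone name declared in named.conf with the SOA owner in the zone file that zone loads, and looks for an NS delegation in a declared parent zone. The function names and the inline sample (condensed excerpts of the post's files) are constructed for illustration.

```python
import re
# Constructed sample input: condensed excerpts of the configuration shown in the post.
NAMED_CONF = '''
zone "_acme-challenge.pruebasaxptek.com" { type master; file "/var/lib/bind/db.example.com"; };
zone "pruebasaxptek.com" { type master; file "/etc/bind/db.pruebasaxptek.com"; };
'''
ZONE_FILES = {
    "/var/lib/bind/db.example.com": (
        "$ORIGIN .\n"
        "_acme-challenge.example.com IN SOA axpteksvr.pruebasaxptek.com. admin.pruebasaxptek.com. (\n"),
    "/etc/bind/db.pruebasaxptek.com": (
        "@ IN SOA axpteksvr.pruebasaxptek.com. admin.pruebasaxptek.com. (\n"
        "@ IN NS axpteksvr.pruebasaxptek.com.\n"),
}

def owners(zone_text, zone_name, rrtype):
    """Absolute owner names of records of one type that carry an explicit owner."""
    origin, found = zone_name, []          # the initial origin is the zone name
    for line in zone_text.splitlines():
        line = line.split(";")[0]          # drop comments
        m = re.match(r"\$ORIGIN\s+(\S+)", line)
        if m:
            origin = m.group(1).lower()    # assumes an absolute $ORIGIN
            continue
        m = re.match(r"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?%s\s" % rrtype, line)
        if m:
            name = m.group(1).lower()
            if name == "@":
                name = origin
            elif not name.endswith("."):   # relative name: append the origin
                name = name + "." + origin.lstrip(".")
            found.append(name)
    return found

def check(named_conf, zone_files):
    """Return findings for SOA/zone-name mismatches and missing delegations."""
    zones = {z.lower() + ".": f for z, f in re.findall(
        r'zone\s+"([^"]+)"\s*\{[^}]*?file\s+"([^"]+)"', named_conf)}
    findings = []
    for zone, path in zones.items():
        soa = owners(zone_files[path], zone, "SOA")
        if soa != [zone]:
            findings.append(f"{zone}: SOA owner in {path} is {soa}")
        for parent, ppath in zones.items():
            if zone.endswith("." + parent) and zone not in owners(zone_files[ppath], parent, "NS"):
                findings.append(f"{zone}: no NS delegation in parent zone {parent}")
    return findings
```

On the sample, `check(NAMED_CONF, ZONE_FILES)` reports the SOA owner `_acme-challenge.example.com.` under the `_acme-challenge.pruebasaxptek.com.` zone and the missing delegation in `pruebasaxptek.com.`; `named-checkzone <zone> <file>` is BIND's own validator for the first of these.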