DYNU Certbot Incorrect TXT record

I ran this command:

certbot certonly --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name 'npm-31' --agree-tos --email 'myemail@gmail.com' --domains 'portainer.domain.com' --authenticator 'dns-dynu' --dns-dynu-credentials '/home/user/dynu/credentials.ini' --dns-dynu-propagation-seconds 120

It produced this output:

Certbot failed to authenticate some domains (authenticator: dns-dynu). The Certificate Authority reported these problems:
Domain: portainer.domain.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.portainer.domain.com - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-dynu. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-dynu-propagation-seconds (currently 120 seconds).

The version of my client is: 4.0.0

I've been using letsencrypt with DYNU ACME challenges successfully for a few years. Not long ago, I started getting errors in nginx-proxy-manager; and to test things out, installed certbot on an Ubuntu VM.

I noticed that while using an ACME challenge, with the correct API key, that certbot would go looking for the TXT record _acme-challenge.HOST.domain.com, while my dynamic DNS host out on the internet (DYNU) would end up with a TXT record of _acme-challenge.domain.com, the 'HOST' part was missing.

I'm not sure if this is a certbot issue, or a dynu issue. I did open a ticket with them, but thought I'd poke in here and see if anyone knew what was going on?

Thanks.

Less likely to be a certbot problem just based on volume of users, but still possible. What version of certbot-dns-dynu are you using?

2 Likes

The latest, from what I can tell.

Name: certbot-dns-dynu
Version: 0.0.6.post2502111739272536

But either way, after setting up a new 24.04 VM, installing all the latest packages, and creating a Python Virtual Environment, it's still failing. I sent all the information to them in the ticket and just got a response:

We have identified the issue and are working towards a solution by releasing a newer version of certbot-dns-dynu.

We will update you as soon as a new version has been released.

So there we have it. :)

2 Likes

Also, I can still do wildcard certs at the moment. They work fine, so I've been deploying those in the interim.
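
An added example, not part of any post above and not code from certbot or certbot-dns-dynu: it derives the TXT name the CA queries for a DNS-01 challenge (RFC 8555 section 8.4) and compares it with the record names present in the zone. Run on the situation described in the thread, it flags the record as misplaced on the parent name, and shows that a wildcard for the parent domain is validated at exactly that name. The function names and zone contents are constructed for illustration.

```python
# Added example: function names and the sample zone are constructed.

def dns01_record_name(identifier):
    """Name the CA queries for a DNS-01 challenge (RFC 8555, section 8.4).
    A leading wildcard label is stripped before '_acme-challenge.' is added."""
    name = identifier.strip().rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]
    if not name or "*" in name:
        raise ValueError(f"not a valid certificate identifier: {identifier!r}")
    return "_acme-challenge." + name


def check_challenge(identifier, zone_txt):
    """Compare the name the CA will query with the TXT names in the zone.
    zone_txt maps record names to lists of TXT values (e.g. a zone export)."""
    expected = dns01_record_name(identifier)
    present = {n.rstrip(".").lower() for n in zone_txt}
    if expected in present:
        return {"expected": expected, "status": "ok", "misplaced_at": []}
    # A challenge record sitting on a parent name means labels were dropped
    # when the record was created; the CA never looks there for this name.
    labels = expected.split(".")[1:]
    parents = ["_acme-challenge." + ".".join(labels[i:])
               for i in range(1, len(labels) - 1)]
    misplaced = [p for p in parents if p in present]
    status = "misplaced" if misplaced else "missing"
    return {"expected": expected, "status": status, "misplaced_at": misplaced}


# Constructed zone state matching the thread: the host label is missing.
SAMPLE_ZONE = {"_acme-challenge.domain.com": ["constructed-validation-token"]}

if __name__ == "__main__":
    for ident in ("portainer.domain.com", "*.domain.com"):
        print(ident, check_challenge(ident, SAMPLE_ZONE))
```
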