Error creating certificate: error: one or more domains had a problem

I have overcome the issue by adding an Ansible sleep task in between create TXT and validate TXT. It works.
But the thing is, it works only with Common Name, not when I add SAN (subject_alternative_name).

Ansible Error Message :
"msg": "Failure downloading https://acme-v02.api.letsencrypt.org/directory, Request failed: <urlopen error [Errno -3] Temporary failure in name resolution>",

Add-On Logs :

{
"status": "pending",
"expires": "2021-11-22T22:35:58Z",
"identifiers": [
{
"type": "dns",
"value": "kutis.c3k.to"
},
{
"type": "dns",
"value": "kutisdb.c3k.to"
},
{
"type": "dns",
"value": "kutisdb2.c3k.to"
},
{
"type": "dns",
"value": "kutislb.c3k.to"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/49659014570",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/49659014580",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/49659014590",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/49659014600"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/282192340/39954074990"
}

https://acme-v02.api.letsencrypt.org/acme/finalize/282192340/39954074990
{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Method not allowed",
"status": 405
}

Issue Conclusion :

Finally, I have tried with all 3 tools (Certbot, Ansible, Terraform) and found that
when I add a domain name in SAN (subject_alternative_name), the certificate is not generated, but when I give the Common Name alone, the certificate is generated.

2 Likes

Hi LE Team,

Can I have an update on this?

Hi LE Team,

Can I have an update on this? Waiting for your response.

1 Like

I got a "Name not resolved" error for that domain in Chrome. Did you set the nameserver correctly?

2 Likes

Yes, I have not changed anything in the nameserver.

1 Like

https://unboundtest.com/ uses the same config as Let's Encrypt, so try putting some TXT record into _acme-challenge and test that. Currently there is no test record there.

2 Likes

Yes, I have created and checked. It's working.

Query results for TXT _acme-challenge.pet.c3k.to

Response:
;; opcode: QUERY, status: NOERROR, id: 7482
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_acme-challenge.pet.c3k.to. IN TXT

;; ANSWER SECTION:
_acme-challenge.pet.c3k.to. 0 IN TXT "DOwfMnP8nNtXNi9hxryfJIj9tbKEWJVCQfJn_BDi 4U0"

##----------------------------------------------------------------------------------------------------

Query results for TXT _acme-challenge.petlb.c3k.to

Response:
;; opcode: QUERY, status: NOERROR, id: 5243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_acme-challenge.petlb.c3k.to. IN TXT

;; ANSWER SECTION:
_acme-challenge.petlb.c3k.to. 0 IN TXT "ID-p2IDCXwwSnzdftt3OOiyJ-gOiYuFNHy1Rf_Y-VrE"

1 Like

Hi LE,

Can I have an update on this?

1 Like

Are you able to obtain any certs from domain c3k.to?

1 Like

Yes, I can. But not if I add SAN (subject alternative names) when generating certificates.

1 Like

I'm starting to think there may be a problem with the DNS Service Provider (DSP)
OR with the DNS API plugin used by acme.sh
OR something in the way lego (or "terraform") is implementing things

If there's a way to independently test parts of the process, we might get closer to where the problem is.

1 Like
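
One way to test the DNS part independently, as an added example that is not part of the original thread: the order above has one authorization per identifier, so each SAN needs its own TXT record at `_acme-challenge.<name>` whose value is derived from that identifier's token. The tokens, account thumbprint and the `lookup_txt` hook are assumptions to be supplied by the caller; the order is a constructed sample using the names from the add-on log.

```python
import base64
import hashlib
import json

# Constructed sample: an ACME order trimmed to its identifiers, using the
# names from the add-on log in this thread.
ORDER = json.loads("""{"status": "pending", "identifiers": [
  {"type": "dns", "value": "kutis.c3k.to"},
  {"type": "dns", "value": "kutisdb.c3k.to"},
  {"type": "dns", "value": "kutisdb2.c3k.to"},
  {"type": "dns", "value": "kutislb.c3k.to"}]}""")


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """RFC 8555 section 8.4: base64url(SHA-256(key authorization)), unpadded."""
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def challenge_name(identifier: str) -> str:
    """Record name the CA queries; a wildcard is validated at its base name."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".").lower()


def preflight(order: dict, tokens: dict, thumbprint: str, lookup_txt) -> dict:
    """Return {identifier: problem} for every name not ready for validation.

    tokens maps identifier -> dns-01 token taken from its authorization.
    lookup_txt(name) returns the TXT strings visible for name (hypothetical
    hook: plug in a resolver that queries the authoritative servers).
    """
    problems = {}
    for ident in order["identifiers"]:
        if ident["type"] != "dns":
            continue
        name = ident["value"]
        if name not in tokens:
            problems[name] = "no dns-01 token for this identifier"
            continue
        expected = dns01_txt_value(tokens[name], thumbprint)
        found = lookup_txt(challenge_name(name))
        if not found:
            problems[name] = "no TXT record at " + challenge_name(name)
        elif expected not in found:
            problems[name] = "TXT present but value does not match this order"
    return problems
```

Running `preflight` before asking the CA to validate shows which SAN, if any, is missing its record or still serving a value from an earlier order.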

I have already provided information in the above mail chain. As instructed, I did create a certificate using Certbot manually. It generated it, but not when I provide SAN.
Meaning: it will not work when I follow the LE official KB either.

1 Like
