Error: Let's Encrypt validation status 400

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: http://pixelarium.net

I ran this command: I tried to issue a Let's Encrypt SSL

It produced this output: Error: Let's Encrypt validation status 400

Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.pixelarium.net - check that a DNS record exists for this domain

The DNS record is created as

TXT _acme-challenge.pixelarium.net kHzgdUcKOvA0des0hIo_0l-Q1iMzbBcQ5bVfETRlOyA

in both: domain and hosting DNS records

My web server is (include version): vmi2517820.contaboserver.net

The operating system my web server runs on is (include version): Ubuntu 22.04.5 LTS

My hosting provider, if applicable, is: Contabo

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using Plesk to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian 18.0.68 Update #1

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 3.3.0

Are you manually updating your DNS TXT records? You need to allow enough time between updating the TXT record and resuming your certificate order for your DNS nameservers to synchronize and all return the same result. Some DNS providers can take 1 minute, some take up to 5 minutes.

2 Likes

Hi, thanks for the reply. The DNS TXT record is automatically generated in my VPS server's DNS when issuing the Let's Encrypt SSL certificate, but for some reason the _acme-challenge record wasn't detected, and I received a 400 validation error. I had the domain configured through GoDaddy to point the A record to the server's IP, and I even tried adding the _acme-challenge TXT record there as well, but that didn't work either. The way the certificate was finally issued correctly was when I changed the NS name servers to those of my server, allowing all DNS records to be controlled from the VPS. And voila, everything worked perfectly. I'm leaving this here in case it helps someone else. Regards.

1 Like
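An added example, not part of the original posts: the fix described above was to make the server's nameservers authoritative for the domain. This script checks, before retrying an order, whether every nameserver the domain is delegated to serves the expected `_acme-challenge` TXT value. The function name `check_acme_txt` is hypothetical, and the script assumes `dig` is installed and that the domain is a zone apex with its own NS records.

```sh
#!/bin/sh
# Added example: confirm the _acme-challenge TXT record is visible on the
# nameservers the domain is actually delegated to, not only in a local zone.

# check_acme_txt DOMAIN EXPECTED_TOKEN
# Prints one line per delegated nameserver.
# Returns 0 if all serve the token, 1 if any does not, 2 if no NS was found.
check_acme_txt() {
    local domain="$1"
    local expected="$2"
    local name="_acme-challenge.$domain"
    local servers ns answer
    local rc=0

    # The NS set shows who is authoritative (registrar DNS, VPS DNS, ...).
    servers=$(dig +short NS "$domain")
    if [ -z "$servers" ]; then
        echo "no NS records found for $domain" >&2
        return 2
    fi

    for ns in $servers; do
        # Query this nameserver directly so resolver caches are bypassed.
        answer=$(dig +short TXT "$name" "@$ns" | tr -d '"')
        if printf '%s\n' "$answer" | grep -qxF -- "$expected"; then
            echo "OK      $ns"
        else
            echo "MISSING $ns (got: ${answer:-no TXT record})"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check_acme.sh pixelarium.net <token shown by the ACME client>
if [ "$#" -eq 2 ]; then
    check_acme_txt "$1" "$2"
fi
```

A `MISSING` line for any listed nameserver means the record was created in a zone that nameserver does not serve, or has not yet synchronized to it.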
