Error validating certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: masterbook.info

I ran this command: I start the SSL creation process. Once I'm sure (using https://letsdebug.net/, https://mxtoolbox.com/ and https://dnsmap.io/) that the TXT record _acme-challenge has the correct value I try to finalize the process. I've tried many times and even waited 3 days to be sure. I run other sites on the same server, with the exact identical configuration and those are all secured with no issues.

It produced this output: Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/14744358007.
Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.masterbook.info - check that a DNS record exists for this domain

My web server is (include version): IIS 10.0.17763.1

The operating system my web server runs on is (include version): Windows Server 2019 Standard 1809

My hosting provider, if applicable, is: aruba.it (for DNS only, website is on our own server)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian Web Admin Edition Version 18.0.36

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): not sure

Any help would be very much appreciated.

Massimo

1 Like

Hi @massimo75, and welcome to the LE community forum

I can't find the TXT record now.
Did you delete it?

#SOSCUBA

1 Like

Do these DNS nameservers look correct to you?
masterbook.info. 0 IN NS dns3.arubadns.net.
masterbook.info. 0 IN NS dns.technorail.com.
masterbook.info. 0 IN NS dns4.arubadns.cz.
masterbook.info. 0 IN NS dns2.technorail.com.

Any TXT record change will need to have replicated to all of these nameservers for validation to work. I don't see your TXT record on any of them.

Also, manual DNS is one of the worst possible ways to do DNS challenge validation. Does Plesk support any DNS APIs?

2 Likes

I'm still working on it, so I could have made some changes. Now with all 3 of the services above (letsdebug, etc.) I can correctly see the TXT record.
Those DNS servers all belong to the provider, so yes, they look correct.
Plesk suggests testing with mxtoolbox.com; I'm not sure about APIs.


Maybe I can find out if there's something else using the command prompt; in the UI there are no options other than pressing a button.

I could try to use a different DNS server; Plesk can manage DNS too.
But the weird fact is that I have 4 other websites/domains on the same server, with the same DNS server and an identical DNS configuration (well, maybe not all really the same, but at least 1 is exactly the same and the others are the same as far as the TXT record is concerned), all secured with Let's Encrypt with no issues.

You've added the TXT record to the wrong FQDN:

nslookup -q=txt _acme-challenge.masterbook.info
*** can't find _acme-challenge.masterbook.info: Non-existent domain

nslookup -q=txt masterbook.info
masterbook.info text =        "1OHhMzT_62YJqmcX3_esuFjYuDeS1SSs2E9liwqT9fI"
1 Like

This is the actual configuration.
I've done exactly the same for all the other domains and those work.
What should I change?

Do I have to insert _acme-challenge.masterbook.info in the host name field?

It must be out-of-sync, because that is NOT what is seen from the Internet.

Not change, but verify you are making changes that are seen on the Internet.
And find out how much time that takes.

No; that should generate a TXT record for the FQDN:
_acme-challenge.masterbook.info.masterbook.info

1 Like
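
The host-name-field behaviour discussed in the replies above, as an added example that is not part of the original thread: it assumes the DNS panel expands the field by zone-file rules (RFC 1035) and shows where the record lands for each kind of entry, plus a check that every authoritative nameserver serves the token at the name the CA queries. The zone `example.com`, the nameserver names and the token are constructed sample values.

```python
# Added example (not from the thread). Assumes the DNS panel follows zone-file
# rules (RFC 1035): trailing dot = absolute name, "" or "@" = zone apex,
# anything else is relative and gets the zone appended.

def norm(name):
    return name.strip().rstrip(".").lower()

def expand_owner(host_field, zone):
    """FQDN that a TXT record receives for a given host-name field value."""
    field, zone = host_field.strip(), norm(zone)
    if field in ("", "@"):
        return zone
    if field.endswith("."):
        return norm(field)
    return f"{field.lower()}.{zone}"

def challenge_name(domain):
    """Name queried for dns-01; a wildcard is validated at its base domain."""
    d = norm(domain)
    return "_acme-challenge." + (d[2:] if d.startswith("*.") else d)

def host_field_for(domain, zone):
    """Relative value to enter so the record lands on the challenge name."""
    target, zone = challenge_name(domain), norm(zone)
    if not target.endswith("." + zone):
        raise ValueError(f"{target} is not inside zone {zone}")
    return target[: -len(zone) - 1]

def nameservers_missing(answers, domain, token):
    """Authoritative servers that do not serve `token` at the challenge name."""
    target = challenge_name(domain)
    return sorted(ns for ns, records in answers.items()
                  if token not in records.get(target, []))

# Constructed sample data: hypothetical nameservers and token, zone example.com.
TOKEN = "constructed-token-value"
ANSWERS = {
    "ns1.example.net": {"_acme-challenge.example.com": [TOKEN]},
    "ns2.example.net": {"example.com": [TOKEN]},  # record landed on the apex
}

if __name__ == "__main__":
    for field in ("", "_acme-challenge", "_acme-challenge.example.com",
                  "_acme-challenge.example.com."):
        print(repr(field), "->", expand_owner(field, "example.com"))
    print("enter:", host_field_for("example.com", "example.com"))
    print("missing on:", nameservers_missing(ANSWERS, "example.com", TOKEN))
```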

So the configuration is right?
I already opened a ticket on the ISP platform a few days ago but no answer so far.
They are investigating.
Is there something else I can do?

Btw I'll leave it like this until Monday and try again.

What is shown in your picture is.
But that is NOT what the Internet can find.

DD
[Due Diligence]
Confirm that your changes within that control panel are replicated and actually seen from the Internet.

1 Like
