For several days, in a random way the validation of the TXT field has been working and sometimes not. Also, when I run the command below, I can see the TXT field created, but that doesn't mean it works.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-ovh, Installer None
Performing the following challenges:
dns-01 challenge for illuad.fr
Waiting 60 seconds for DNS changes to propagate
Waiting for verification...
Challenge failed for domain illuad.fr
dns-01 challenge for illuad.fr
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: illuad.fr
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.illuad.fr - check that a DNS record exists for this domain
My web server is (include version):
httpd -V
Server version: Apache/2.4.37 (centos)
The operating system my web server runs on is (include version):
cat /etc/centos-release
CentOS Linux release 8.3.2011
My hosting provider, if applicable, is:
OVH
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No, (CLI > GUI)
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Indeed it works by using the flag --dns-ovh-propagation-seconds 150. But what could be the explanation that sometimes it works with 60 (even 30 sometimes!). Is this necessarily a "problem" on the OVH side?
I have same problem since today with same plugin (domain from OVH).
I read your recommandations and test with 30,60,120,300 seconds but results is same.
I have many of other domain from OVH and all are signed by certs with this plugins with 30seconds.
I don't know why it doesn't work today.
I tried to renew all day without success.
But there is also the possibility that the DNS request is being unanswered because it comes from a distant location and is being handled by remote DNS servers (that have not yet synchronized - or are having problems synchronizing).
Without knowing the domain having the problem there is no way for anyone here to check.
Sorry; But there are now two people (with a similar problem) on this thread/topic. [maybe someone can split them apart so this type of confusion stops]
I was referring to the other person, who gave no real information.
Your issue can be checked to a certain extent now.
But would be better checked upon your inserting a new record.
[maybe we can coordinate those actions - through this forum]
I have a test script ready - just let me know when you have made a new TXT record.
[the current response shows all four IPs (two IPv4 and two IPv6) have the same SOA record and no TXT record]
Your right, sorry for confusions in this post.
FYI I found the problem: it seems my client has changed his domaine registar.
Thanks again for your reply and for your job.