Error while renewing certificates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: chicagoearlylearning.org

I ran this command: ./acme.sh --renew -d chicagoearlylearning.org --challenge-alias ekicocvalidation.com --dns dns_gd

It produced this output:

It seems the CA server is busy now, let’s wait and retry.
[Tue May 7 20:55:10 CDT 2019] chicagoearlylearning.org:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.chicagoearlylearning.org
[Tue May 7 20:55:10 CDT 2019] Removing DNS records.
[Tue May 7 20:55:12 CDT 2019] Please add '--debug' or '--log' to check more details.
[Tue May 7 20:55:12 CDT 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

My web server is (include version): Apache

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): acme

If you wish to use DNS Alias mode, you would need to create a CNAME that binds the two domains together.

_acme-challenge.chicagoearlylearning.org should be a CNAME to _acme-challenge.ekicocvalidation.com .

But no such CNAME currently exists.
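
A pre-flight check for the CNAME described above, as an added example (not part of the original posts and not acme.sh's own code). `check_alias` and `check_alias_live` are hypothetical helper names, the sample answers are constructed, and the check also strips a leading `*.` so it covers wildcard names.

```shell
#!/bin/sh
# Pre-flight check for acme.sh DNS alias mode: confirm that
# _acme-challenge.DOMAIN is a CNAME to _acme-challenge.ALIAS before renewing.

# Lower-case a DNS name and drop one trailing dot so names compare equal.
normalize() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# check_alias DOMAIN ALIAS ANSWER
# ANSWER is the text returned by: dig +short CNAME _acme-challenge.DOMAIN
# Returns 0 = correct, 1 = no CNAME, 2 = CNAME points somewhere else.
check_alias() {
    domain=$(normalize "$1")
    domain=${domain#\*.}        # *.example.com validates at the base name
    owner="_acme-challenge.$domain"
    want=$(normalize "_acme-challenge.$2")
    got=$(normalize "$(printf '%s\n' "$3" | head -n 1)")
    if [ -z "$got" ]; then
        echo "MISSING: $owner has no CNAME; the CA lookup will fail"
        return 1
    fi
    if [ "$got" != "$want" ]; then
        echo "WRONG: $owner -> $got (expected $want)"
        return 2
    fi
    echo "OK: $owner -> $want"
}

# Live variant: needs dig and network access, so it is not called here.
check_alias_live() {
    answer=$(dig +short CNAME "_acme-challenge.$(normalize "$1")")
    check_alias "$1" "$2" "$answer"
}

# Constructed resolver answers: first the state reported in this thread
# (no CNAME), then the record the reply asks for.
check_alias chicagoearlylearning.org ekicocvalidation.com "" || true
check_alias chicagoearlylearning.org ekicocvalidation.com \
    "_acme-challenge.ekicocvalidation.com." || true
```
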

Thank you for your reply @_az . I have one question though.

What does it mean by

“It seems the CA server is busy now, let’s wait and retry.”

Regards,
Pradeep

It's what's known as a "bad nonce" error, but it isn't something to worry about, because acme.sh knows how to deal with it automatically.

It can happen when acme.sh has to wait a while for e.g. GoDaddy to update your DNS challenge record.

@_az

Unfortunately, I am getting the same error for a different domain where I am issuing Let's Encrypt certificates for the first time. I checked and the DNS is updated for that domain as required.

Verifying:chicagotraffictracker.com
[Tue May 14 13:26:31 CDT 2019] It seems the CA server is busy now, let’s wait and retry.
[Tue May 14 13:26:40 CDT 2019] chicagotraffictracker.com:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.chicagotraffictracker.com
[Tue May 14 13:26:40 CDT 2019] Removing DNS records.
[Tue May 14 13:26:42 CDT 2019] Please add '--debug' or '--log' to check more details.
[Tue May 14 13:26:42 CDT 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

Please advise. Thank you.

Your CNAME looks correct.

Were you still using --challenge-alias in the attempt from your last post?

Yes, this is what I used:

./acme.sh --issue -d chicagotraffictracker.com --challenge-alias ekicocvalidation.com --dns dns_gd
