Failed authorization procedure


#1

I have created the Service Account with DNS > DNS Administrator privilege
according to this doc
https://cloud.google.com/dns/access-control#permissions_and_roles

I also added an A record to the following
_acme-challenge.dev.smoothflow.io. A 300 35.184.92.152

Still it says Failed authorization procedure? Have I missed any documentation?
Where am I going wrong?

My domain is: dev.smoothflow.io

I ran this command:

sudo docker run -it --rm --name certbot \
  -v "/etc/letsencrypt:/etc/letsencrypt" \
  -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
  -v "/home/shehan/google.json:/home/shehan/google.json" \
  certbot/dns-google certonly --server https://acme-v02.api.letsencrypt.org/directory \
  --dns-google \
  --dns-google-credentials "/home/shehan/google.json" \
  --dns-google-propagation-seconds 60 \
  -d "*.dev.smoothflow.io"

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-google, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for dev.smoothflow.io
URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest
URL being requested: GET https://www.googleapis.com/dns/v1/projects/smooth-flow-1215/managedZones?alt=json&dnsName=dev.smoothflow.io.
Attempting refresh to obtain initial access_token
Refreshing access_token
URL being requested: GET https://www.googleapis.com/dns/v1/projects/smooth-flow-1215/managedZones?alt=json&dnsName=smoothflow.io.
URL being requested: GET https://www.googleapis.com/dns/v1/projects/smooth-flow-1215/managedZones/2889015238308626641/rrsets?alt=json
URL being requested: POST https://www.googleapis.com/dns/v1/projects/smooth-flow-1215/managedZones/2889015238308626641/changes?alt=json
URL being requested: GET https://www.googleapis.com/dns/v1/projects/smooth-flow-1215/managedZones/2889015238308626641/changes/111?alt=json
URL being requested: GET https://www.googleapis.com/dns/v1/projects/smooth-flow-1215/managedZones/2889015238308626641/changes/111?alt=json
URL being requested: GET https://www.googleapis.com/dns/v1/projects/smooth-flow-1215/managedZones/2889015238308626641/changes/111?alt=json
Waiting 60 seconds for DNS changes to propagate
Waiting for verification…
Cleaning up challenges
URL being requested: GET https://www.googleapis.com/discovery/v1/apis/dns/v1/rest
URL being requested: GET https://www.googleapis.com/dns/v1/projects/smooth-flow-1215/managedZones?alt=json&dnsName=dev.smoothflow.io.
Attempting refresh to obtain initial access_token
Refreshing access_token
URL being requested: GET https://www.googleapis.com/dns/v1/projects/smooth-flow-1215/managedZones?alt=json&dnsName=smoothflow.io.
URL being requested: GET https://www.googleapis.com/dns/v1/projects/smooth-flow-1215/managedZones/2889015238308626641/rrsets?alt=json
URL being requested: POST https://www.googleapis.com/dns/v1/projects/smooth-flow-1215/managedZones/2889015238308626641/changes?alt=json
Failed authorization procedure. dev.smoothflow.io (dns-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: No TXT record found at _acme-challenge.dev.smoothflow.io
IMPORTANT NOTES:

  • The following errors were reported by the server:
    Domain: dev.smoothflow.io
    Type: unauthorized
    Detail: No TXT record found at _acme-challenge.dev.smoothflow.io
    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu 15.10

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

smoothflow.io is using Amazon Route 53:

smoothflow.io.          86400   IN      NS      ns-7.awsdns-00.com.
smoothflow.io.          86400   IN      NS      ns-623.awsdns-13.net.
smoothflow.io.          86400   IN      NS      ns-1360.awsdns-42.org.
smoothflow.io.          86400   IN      NS      ns-1945.awsdns-51.co.uk.

You need to switch to Certbot’s Route 53 plugin (with Route 53 credentials), or go to your domain registrar and change the NS records from Amazon to Google.

(For what it’s worth, the _acme-challenge subdomain doesn’t need an A record. It just uses a TXT record.)


#3

smoothflow.io is another server. But in this question I am having trouble with dev.smoothflow.io, which is another server.


#4

But the whole domain’s DNS is hosted by Amazon Route 53, so you have to update the DNS records for the zone at Amazon Route 53.
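The mismatch described in replies #2 and #4 (a DNS plugin writing the TXT record into a zone that is not authoritative for the name) can be caught before requesting a certificate. The following is an added example, not part of the thread or of Certbot: it parses `dig`-style NS answer lines and reports which Certbot DNS plugin fits the nameservers. The function names and the hostname patterns for Route 53 and Google Cloud DNS nameservers are assumptions of this example.

```python
import re

# Nameserver hostname patterns -> Certbot DNS plugin that can edit that zone.
# Assumed patterns; only the two providers discussed in this thread are covered.
PROVIDERS = {
    "dns-route53": re.compile(r"^ns-\d+\.awsdns-\d+\.(com|net|org|co\.uk)$"),
    "dns-google": re.compile(r"^ns-cloud-[a-z]\d+\.googledomains\.com$"),
}

# NS answer for smoothflow.io as quoted in reply #2 of the thread.
SAMPLE_NS = """\
smoothflow.io.          86400   IN      NS      ns-7.awsdns-00.com.
smoothflow.io.          86400   IN      NS      ns-623.awsdns-13.net.
smoothflow.io.          86400   IN      NS      ns-1360.awsdns-42.org.
smoothflow.io.          86400   IN      NS      ns-1945.awsdns-51.co.uk.
"""

def parse_ns(dig_answer):
    """Return NS targets from dig answer lines (name ttl IN NS target)."""
    targets = []
    for line in dig_answer.splitlines():
        f = line.split()
        if len(f) == 5 and f[2].upper() == "IN" and f[3].upper() == "NS":
            targets.append(f[4].rstrip(".").lower())
    return targets

def plugin_for(targets):
    """Plugin matching every nameserver, or None if unknown or mixed."""
    matches = set()
    for host in targets:
        hit = [p for p, rx in PROVIDERS.items() if rx.match(host)]
        matches.add(hit[0] if hit else None)
    return matches.pop() if len(matches) == 1 else None

def check_plugin(dig_answer, chosen_plugin):
    """(ok, message): does the chosen plugin edit the authoritative zone?"""
    targets = parse_ns(dig_answer)
    if not targets:
        return False, "no NS records found in input"
    expected = plugin_for(targets)
    if expected is None:
        return False, "nameservers not recognised; check the DNS host manually"
    if expected != chosen_plugin:
        return False, f"zone is served via {targets[0]}; use {expected}, not {chosen_plugin}"
    return True, f"{chosen_plugin} matches the authoritative nameservers"

if __name__ == "__main__":
    print(check_plugin(SAMPLE_NS, "dns-google"))
```

Feed it the NS set of the zone that actually contains the `_acme-challenge` name; if a subdomain is delegated to its own zone, use that zone's NS records instead of the parent's.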

