Hey everybody. Thanks in advance for your time. I am trying to build a custom ACME client in Node.js using the publishlab/node-acme-client GitHub repo, which is listed among the known Node.js client implementations here on Let's Encrypt's site (ACME Client Implementations - Let's Encrypt). I have been stuck getting first a pending status followed by an invalid status from the ACME challenge URL when trying to complete the dns-01 challenge verification. I have tried both the staging and production URLs. I have created the TXT record using the node-acme-client implementation and manually added the TXT record for _acme.challenge.mikes.foundation in my hosting provider's DNS zone panel. I have set a sleep timer for multiple minutes, set the TTL config of the record to just 60 seconds, and confirmed with multiple propagation checker tools like dig, nslookup, unboundtest.com, whatsmydns.net, etc., that the record has successfully propagated. I am getting a 403 error and a response.data object that looks something like this in my console:
...
sleeping for 3 min...
...
running request
HTTP request: post https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/xxx/xxx
RESP 200 post https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/xxx/xxx
Response resp.data: {
type: 'dns-01',
status: 'pending',
url: 'https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/xxx/xxx',
token: 'xxx'
}
Item has status: pending
Promise rejected attempt #1, retrying in 5000ms: Operation is pending or processing
...
running request
HTTP request: post https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/xxx/xxx
RESP 200 post https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/xxx/xxx
Response resp.data: {
type: 'dns-01',
status: 'invalid',
error: {
type: 'urn:ietf:params:acme:error:unauthorized',
detail: 'No TXT record found at _acme-challenge.mikes.foundation',
status: 403
},
url: 'https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/xxx/xxx',
token: 'xxx',
validated: '2023-08-25T19:29:38Z'
}
Item has status: invalid
...
This pending and then invalid status seems to be the case no matter what I try. I have looked at other posts on here and can't seem to get anything to work. Any help or suggestions would be much appreciated.
My domain is: mikes.foundation
I ran this command: dig -t TXT _acme.challenge.mikes.foundation
// also, unboundtest.com recognizes the propagation change very quickly.
It produced this output:
; <<>> DiG 9.16.42-Raspbian <<>> -t TXT _acme.challenge.mikes.foundation
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34966
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;_acme.challenge.mikes.foundation. IN TXT
;; ANSWER SECTION:
_acme.challenge.mikes.foundation. 60 IN TXT "xxxxxxxxxxxxx" // the correct TXT record is here
;; Query time: 40 msec
...
My web server is (include version): node v18.17.1
The operating system my web server runs on is (include version): Currently running Raspbian GNU/Linux 11 (bullseye) in development, will ultimately be a serverless function somewhere.
My hosting provider, if applicable, is: Vercel, although the domain is purchased and registered through whois.com (The nameservers are propagated to Vercel)
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): for DNS, yes vercel
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I am using GITHUB: "node-acme-client" => GitHub - publishlab/node-acme-client: Simple and unopinionated ACME client for Node.js
&& NPM: acme-client@5.0.0 => acme-client - npm
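An added example, not part of the original post and not code from node-acme-client: a pre-flight check that derives the dns-01 record name and TXT value as RFC 8555 section 8.4 defines them and compares them with what was read back from the zone before asking the CA to validate. The function names, token, thumbprint and zone entries are constructed for illustration; the two record names are the ones that appear in the post's dig output and in the CA's error detail.

```javascript
const crypto = require('node:crypto');

// RFC 8555 section 8.4: the CA queries "_acme-challenge." + the validated domain.
// A wildcard identifier (*.example.org) is validated at the base domain.
function dns01RecordName(identifier) {
  const domain = identifier.toLowerCase().replace(/^\*\./, '').replace(/\.$/, '');
  return `_acme-challenge.${domain}`;
}

// TXT value = base64url(SHA-256(token + "." + account key thumbprint)), unpadded.
function dns01RecordValue(token, accountThumbprint) {
  return crypto.createHash('sha256')
    .update(`${token}.${accountThumbprint}`)
    .digest('base64url');
}

// published: [{ name, values: [...] }] as read back from the authoritative zone.
function checkPublished(identifier, expectedValue, published) {
  const expectedName = dns01RecordName(identifier);
  const norm = (n) => n.toLowerCase().replace(/\.$/, '');
  const atName = published.filter((r) => norm(r.name) === expectedName);
  if (atName.length === 0) {
    return { ok: false, reason: 'no TXT record at expected name', expectedName,
      foundNames: published.map((r) => norm(r.name)) };
  }
  // Several TXT records may coexist at the name; one must match exactly.
  if (!atName.some((r) => r.values.includes(expectedValue))) {
    return { ok: false, reason: 'TXT value mismatch', expectedName };
  }
  return { ok: true, expectedName };
}

// Constructed sample data: placeholder token and thumbprint, not real ACME values.
const SAMPLE_VALUE = dns01RecordValue('constructed-token', 'constructed-thumbprint');
const SAMPLE_ZONE_DOT = [{ name: '_acme.challenge.mikes.foundation.', values: [SAMPLE_VALUE] }];
const SAMPLE_ZONE_HYPHEN = [{ name: '_acme-challenge.mikes.foundation.', values: [SAMPLE_VALUE] }];

console.log(checkPublished('mikes.foundation', SAMPLE_VALUE, SAMPLE_ZONE_DOT));
console.log(checkPublished('mikes.foundation', SAMPLE_VALUE, SAMPLE_ZONE_HYPHEN));
```
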