How can I issue a certificate with my DNS?

I have bought a domain name from Namesilo and want to get a certificate from Let's Encrypt:
The DNS for my domain name is "ns57.domaincontrol.com"; suppose that 44.55.66.77 is bound to my_domain.com.

acme.sh --issue --dns  "ns57.domaincontrol.com"  --dnssleep 1000 -d my_domain.com -d www.my_domain.com --server letsencrypt

[Fri 22 Apr 2022 03:31:16 PM CST] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri 22 Apr 2022 03:31:16 PM CST] Creating domain key
[Fri 22 Apr 2022 03:31:16 PM CST] The domain key is here: /root/.acme.sh/my_domain.com/my_domain.com.key
[Fri 22 Apr 2022 03:31:16 PM CST] Multi domain='DNS:my_domain.com,DNS:www.my_domain.com'
[Fri 22 Apr 2022 03:31:16 PM CST] Getting domain auth token for each domain
[Fri 22 Apr 2022 03:31:19 PM CST] Getting webroot for domain='my_domain.com'
[Fri 22 Apr 2022 03:31:19 PM CST] Getting webroot for domain='www.my_domain.com'
[Fri 22 Apr 2022 03:31:19 PM CST] Verifying: my_domain.com
[Fri 22 Apr 2022 03:31:20 PM CST] Pending, The CA is processing your order, please just wait. (1/30)
[Fri 22 Apr 2022 03:31:23 PM CST] my_domain.com:Verify error:44.55.66.77: Invalid response from http://my_domain.com/.well-known/acme-challenge/KAgbkVI4gmII6eCr3g2L7i4FYJIaVqzmVLZUxuB83b8: 400
[Fri 22 Apr 2022 03:31:23 PM CST] Please add '--debug' or '--log' to check more details.
[Fri 22 Apr 2022 03:31:23 PM CST] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

You must have a working HTTP site in order to use HTTP authentication.
[Error 400 is not a working site]

1 Like

If you want to issue a cert using DNS, you need to understand the client usage/syntax:

--dns [dns_hook] Use dns manual mode or dns api. Defaults to manual mode when argument is omitted.
                 See: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
2 Likes

You can't just use one of the authoritative DNS servers of your domain (I assume) as an option and expect it to magically work.

Please read more about the basics of how things work.

3 Likes

I get the API key from the management webpage in Namesilo:

export Namesilo_Key="xxxxxxx"

Issue certs with:

/.acme.sh# ./acme.sh --issue --dns dns_namesilo --dnssleep 900 -d mydomain.com -d www.domain.com  --server letsencrypt
[Fri 22 Apr 2022 10:31:31 PM CST] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri 22 Apr 2022 10:31:31 PM CST] Multi domain='DNS:domain.com,DNS:www.domain.com'
[Fri 22 Apr 2022 10:31:31 PM CST] Getting domain auth token for each domain
[Fri 22 Apr 2022 10:31:34 PM CST] Getting webroot for domain='domain.com'
[Fri 22 Apr 2022 10:31:35 PM CST] Getting webroot for domain='www.domain.com'
[Fri 22 Apr 2022 10:31:35 PM CST] Adding txt value: ON4i6qJ1pf4TCEuYcAGnRGQG-GIiP2faMPC0kNP8SqY for domain:  _acme-challenge.domain.com
[Fri 22 Apr 2022 10:31:35 PM CST] Unable to find domain specified.
[Fri 22 Apr 2022 10:31:35 PM CST] Error add txt for domain:_acme-challenge.domain.com
[Fri 22 Apr 2022 10:31:35 PM CST] Please add '--debug' or '--log' to check more details.
[Fri 22 Apr 2022 10:31:35 PM CST] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

I can ping the domain!!! Why does it say "Unable to find domain specified"?

What does that have to do with DNS troubles?

Anyway, try increasing --dnssleep to e.g. an hour or so.

3 Likes
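
Added example, not part of the thread or of acme.sh: a small shell triage of the two logs quoted above, showing which validation method each run actually attempted and at which stage it failed. The log lines are copied from the posts; the helper names `acme_triage` and `acme_hint` and the stage labels are assumptions made for this illustration.

```shell
# Added example; acme_triage and acme_hint are hypothetical helpers, not part of acme.sh.

# Read an acme.sh log on stdin and print "<challenge> <stage>".
acme_triage() {
    awk '
        BEGIN { chal = "unknown"; stage = "unknown" }
        # DNS validation: acme.sh asks the dns hook to publish a TXT record.
        /Adding txt value: .* for domain: +_acme-challenge\./ { chal = "dns-01" }
        # The hook call failed, so no TXT record was published.
        /Error add txt for domain:/ { stage = "dns-hook" }
        # HTTP validation: the CA fetched the challenge URL from the web server.
        /Verify error:.*http:\/\/[^ ]*\/\.well-known\/acme-challenge\// {
            chal = "http-01"; stage = "ca-validation"
        }
        END { print chal, stage }'
}

# Map a triage result to the next thing to check.
acme_hint() {
    case "$1" in
        "http-01 ca-validation")
            echo "HTTP validation ran: give --dns a dns_* hook name or fix the web server" ;;
        "dns-01 dns-hook")
            echo "hook failed before the TXT record existed: check the provider API setup" ;;
        *)  echo "no known pattern: rerun with --debug" ;;
    esac
}

# Line copied from the first log in the thread.
first_log() {
    cat <<'EOF'
[Fri 22 Apr 2022 03:31:23 PM CST] my_domain.com:Verify error:44.55.66.77: Invalid response from http://my_domain.com/.well-known/acme-challenge/KAgbkVI4gmII6eCr3g2L7i4FYJIaVqzmVLZUxuB83b8: 400
EOF
}

# Lines copied from the second log in the thread.
second_log() {
    cat <<'EOF'
[Fri 22 Apr 2022 10:31:35 PM CST] Adding txt value: ON4i6qJ1pf4TCEuYcAGnRGQG-GIiP2faMPC0kNP8SqY for domain:  _acme-challenge.domain.com
[Fri 22 Apr 2022 10:31:35 PM CST] Unable to find domain specified.
[Fri 22 Apr 2022 10:31:35 PM CST] Error add txt for domain:_acme-challenge.domain.com
EOF
}

for log in first_log second_log; do
    result=$($log | acme_triage)
    echo "$log: $result -> $(acme_hint "$result")"
done
```

The first run is classified as `http-01 ca-validation` and the second as `dns-01 dns-hook`: in the second log the hook error carries the same timestamp as the "Adding txt value" line, so the run stopped at the provider API call.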
