Hello Let's Encrypt Community!
The first time I ran it (November last year) it was successful, but when I ran it today to renew my certificate I got an error. I wish I could find a clue to the solution. Thank you.
My domain is: (These are the contents of the file domains.txt.)
certio.co.jp, *.certio.co.jp
I ran this command: (I am root user.)
./dehydrated --cron --challenge dns-01 --hook ./hook.sh
It produced this output:
```
# INFO: Using main config file /opt/dehydrated/config
Processing certio.co.jp with alternative names: *.certio.co.jp
- Checking domain name(s) of existing cert... unchanged.
- Checking expire date of existing cert...
- Valid till Feb 24 08:09:52 2021 GMT (Less than 30 days). Renewing!
- Signing domains...
- Generating private key...
- Generating signing request...
- Requesting new certificate order from CA...
- Received 2 authorizations URLs from the CA
- Handling authorization for certio.co.jp
- Found valid authorization for certio.co.jp
- Handling authorization for certio.co.jp
- 1 pending challenge(s)
- Deploying challenge tokens...
- Responding to challenge for certio.co.jp authorization...
- Cleaning challenge tokens...
- Challenge validation has failed
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "dns-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:dns"
["error","detail"] "During secondary validation: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.certio.co.jp - check that a DNS record exists for this domain"
["error","status"] 400
["error"] {"type":"urn:ietf:params:acme:error:dns","detail":"During secondary validation: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.certio.co.jp - check that a DNS record exists for this domain","status":400}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10964587222/aSnn-g"
["token"] "CMZBpR9ZzsghDXJBQ_17w4bnIHedJnAEUhsdHcExJlw"
["validationRecord",0,"hostname"] "certio.co.jp"
["validationRecord",0] {"hostname":"certio.co.jp"}
["validationRecord"] [{"hostname":"certio.co.jp"}])
```
My web server is (include version):
I'm using dns-01 so I don't think it matters.
My hosting provider, if applicable, is:
myself
The operating system my web server runs on is (include version):
```
# ./dehydrated --version
# INFO: Using main config file /opt/dehydrated/config
Dehydrated by Lukas Schauer
https://dehydrated.io
Dehydrated version: 0.7.1
GIT-Revision: 589e9f30b383751a927d745e83c0c53bf42a195c
OS: CentOS release 5.4 (Final)
Used software:
bash: 3.2.25(1)-release
curl: 7.58.0
awk: GNU Awk 3.1.5
sed: GNU sed 4.1.5
mktemp: mktemp version 1.5
grep: grep (GNU grep) 2.5.1
diff: diff (GNU diffutils) 2.8.1
openssl: OpenSSL 1.0.2n 7 Dec 2017
```
I can login to a root shell on my machine (yes or no, or I don't know):
yes.
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no.
The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot):
I am using dehydrated.
I ran the following command every 2 seconds.
I can see TOKEN: "ASBA6Z2VAFMmy7dvtVElTlKbY6CS0-c8JeeTfpMsDLQ"
At this time, deploy_challenge() in hook.sh had the following parameters:
DOMAIN: certio.co.jp
TOKEN_FILENAME: CMZBpR9ZzsghDXJBQ_17w4bnIHedJnAEUhsdHcExJlw
TOKEN_VALUE: ASBA6Z2VAFMmy7dvtVElTlKbY6CS0-c8JeeTfpMsDLQ
command:
```
# dig -t TXT _acme-challenge.certio.co.jp @dns.certio.co.jp
```
results:
```
; <<>> DiG 9.10.6 <<>> -t TXT _acme-challenge.certio.co.jp @dns.certio.co.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56863
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;_acme-challenge.certio.co.jp. IN TXT
;; ANSWER SECTION:
_acme-challenge.certio.co.jp. 300 IN TXT "ASBA6Z2VAFMmy7dvtVElTlKbY6CS0-c8JeeTfpMsDLQ"
;; AUTHORITY SECTION:
certio.co.jp. 259200 IN NS dns.certio.co.jp.
;; ADDITIONAL SECTION:
dns.certio.co.jp. 259200 IN A 218.219.158.105
;; Query time: 82 msec
;; SERVER: 218.219.158.105#53(218.219.158.105)
;; WHEN: Thu Feb 18 17:50:33 JST 2021
;; MSG SIZE rcvd: 136
```
Thanks in advance,
makai
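
The manual `dig` check described in the post, scripted so the same dns-01 TXT lookup can be classified per resolver and compared with the NXDOMAIN the CA reported. This is an added example, not part of the original post or of dehydrated; the function names, the example.com replies and the token value are constructed for illustration.

```shell
# Classify one dig reply (read from stdin) against the expected TXT value.
# Prints: match | mismatch | missing | nxdomain | other:<RCODE>
check_txt_reply() {
    awk -v want="$1" '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { rcode = $(i + 1); sub(/,$/, "", rcode) }
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }
        in_answer && $4 == "TXT" {
            val = $5; gsub(/"/, "", val)
            if (val == want) found = 1; else stale = 1
        }
        END {
            if (rcode == "NXDOMAIN")     print "nxdomain"
            else if (rcode != "NOERROR") print "other:" rcode
            else if (found)              print "match"
            else if (stale)              print "mismatch"
            else                         print "missing"
        }'
}

# Constructed reply: authoritative server answering with the record.
sample_authoritative() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; ANSWER SECTION:
_acme-challenge.example.com. 300 IN TXT "EXAMPLE-TOKEN-VALUE"
;; AUTHORITY SECTION:
example.com. 259200 IN NS dns.example.com.
EOF
}

# Constructed reply: another resolver answering NXDOMAIN for the same name.
sample_other_resolver() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2222
EOF
}

# Succeed only when every listed vantage point returns the expected value.
all_vantage_points_match() {
    want=$1; shift
    for reply_fn in "$@"; do
        [ "$("$reply_fn" | check_txt_reply "$want")" = "match" ] || return 1
    done
}
```

In real use each sample function would be replaced by a `dig -t TXT` query sent to one resolver, with its output piped into `check_txt_reply`.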