I can't get a Let's Encrypt certificate for my domain

Hello.
My domain is cabare.site
I am trying to get a new Let's Encrypt certificate.
I added the DNS TXT record as it says in the messages from Let's Encrypt.
I checked the result with Google dig. Those records exist.

But Let's Encrypt keeps sending messages:

..... Let's Encypt cabare.site_le11 add TXT-records: '_acme-challenge.cabare.site. TXT (XXXXXXXX I changed it), _acme-challenge.cabare.site. TXT (XXXXXXXX I changed it) ....
.....'Invalid option: +noidnout, Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}, {global-d-opt} host [@local-server] {local-d-opt}, [ host [@local-server] {local-d-opt} [...]], Use "dig -h" (or "dig -h | more") for complete list of options'.

What is the problem?

Thanks

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

I found this questionnaire isn't relevant for my case.

  1. I use ISPManager 6 Lite. I made a request for a new certificate. It works as usual.
  2. I received messages about new TXT records for my domain. I see an error in the messages: ".'Invalid option: +noidnout, Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}, {global-d-opt} host [@local-server] {local-d-opt}, [ host [@local-server] {local-d-opt} [...]], Use "dig -h" (or "dig -h | more") for complete list of options'."
  3. I added those records and checked them with Google dig.
  4. I see that Let's Encrypt doesn't see my DNS records and continues to send me messages.

I respectfully disagree.

This is useful (crucial) information and is part of the questionnaire.

What is your conclusion based on? Because:

This is not an error message from Let's Encrypt. I don't have much information to go on, but to me it looks like ISPManager is trying to verify the TXT RR using the dig application before it triggers certificate issuance. But dig is malfunctioning and errors out, probably because it lacks IDN functionality.

3 Likes
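The distinction drawn in the reply above, as an added example that is not part of the thread and not ISPManager's own code: a pre-issuance TXT check that tells a local `dig` usage error apart from a missing or wrong record. The helper names `classify_txt_check` and `check_txt` and the sample token are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; classify_txt_check and check_txt are hypothetical helper names.

# Constructed samples: the usage text is abridged from the message quoted in
# the thread; the token is a made-up placeholder.
SAMPLE_USAGE_ERROR='Invalid option: +noidnout, Usage: dig [@global-server] [domain] [q-type]'
SAMPLE_TOKEN='constructed-token-value'

# $1 = combined stdout+stderr of "dig +short TXT <name>", $2 = expected value.
# Prints one verdict line; always returns 0 so it is safe under "set -e".
classify_txt_check() {
    output=$1
    expected=$2
    case $output in
        *"Invalid option:"*)
            # dig rejected a flag and printed usage text: a local tool fault.
            opt=$(printf '%s\n' "$output" |
                sed -n 's/.*Invalid option: \([^,[:space:]]*\).*/\1/p' | head -n 1)
            echo "local-dig-error $opt"
            return 0 ;;
        *";; "*)
            # dig diagnostics such as timeouts start with ";; ".
            echo "lookup-failed"
            return 0 ;;
    esac
    if [ -z "$output" ]; then
        echo "no-txt-record"
    elif printf '%s\n' "$output" | grep -Fqx "\"$expected\""; then
        # +short prints each TXT value on its own line in double quotes, so
        # two records on the same name are both checked.
        echo "match"
    else
        echo "mismatch"
    fi
}

# Live use: $1 = record name, $2 = expected value, $3 = optional resolver.
check_txt() {
    out=$(dig +short TXT "$1" ${3:+"@$3"} 2>&1) || true
    classify_txt_check "$out" "$2"
}

classify_txt_check "$SAMPLE_USAGE_ERROR" "$SAMPLE_TOKEN"
```

A `local-dig-error` verdict means the record was never actually looked up, so the fault is on the checking host rather than in DNS or at the CA.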

Thanks.
I am going to ask ISPManager about it.

2 Likes

ISPManager's support said: bind and bind-utils on my server needed to be updated.
I updated them and I got the certificate.

Thanks for the help

2 Likes
