Impossible to get certificate. Is Online SAS over?

Is there a problem with one of your DNS test servers?
For 2 days I have had a problem getting certificates.
I have tried dnschecker and it seems Online S.A.S. is over. Is that the reason?

My domain is: cines.teledetection.fr

I ran this command:

certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --email []redacted --debug-challenges -d hodeia.data-terra.org,hodeia.cines.teledetection.fr,hodeia.int.cines.teledetection.fr,datuak.int.cines.teledetection.fr,kolaboratu.data-terra.org,kolaboratu.cines.teledetection.fr,kolaboratu.int.cines.teledetection.fr

It produced this output:

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
  Domain: kolaboratu.int.cines.teledetection.fr
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.kolaboratu.int.cines.teledetection.fr - check that a DNS record exists for this domain

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Our

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

I got a name not resolved error; is your server online? (try over mobile data)

3 Likes

First, your DNS has some problems. See DNSViz for details (link here)

Also, it looks like you CNAME that to acme-dns. Have you set that up properly?

dig TXT _acme-challenge.kolaboratu.int.cines.teledetection.fr

_acme-challenge.kolaboratu.int.cines.teledetection.fr. 295 IN CNAME 02f0fda4-ed22-4ffa-ac8e-29ab06ba113c.auth.acme-dns.io.int.cines.teledetection.fr.
3 Likes

What a fool I am.

I forgot the dot at the end of the DNS statement. Shame on me!

Sorry.

1 Like
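The missing trailing dot shows up in the `dig` answer above as a CNAME target with the zone's own suffix appended after the acme-dns name. The following check is an added example, not code from the thread or from certbot or acme-dns; it assumes the intended acme-dns domain is `auth.acme-dns.io` (read from the `dig` output), and the `Finding` and `check_delegation` names are hypothetical.

```python
from typing import NamedTuple


class Finding(NamedTuple):
    status: str   # 'ok', 'origin-appended', 'wrong-target' or 'not-cname'
    target: str   # CNAME target as published, or as intended when recoverable
    origin: str   # zone suffix that was appended, else ''


def check_delegation(line: str, acme_dns_domain: str) -> Finding:
    """Classify one dig answer line for an _acme-challenge name."""
    fields = line.split()
    if len(fields) < 5:
        raise ValueError(f"not a dig answer line: {line!r}")
    owner, rtype, target = fields[0].lower(), fields[3].upper(), fields[4].lower()
    if rtype != "CNAME":
        return Finding("not-cname", target, "")
    expected = "." + acme_dns_domain.lower().strip(".") + "."
    dotted = "." + target
    if dotted.endswith(expected):
        return Finding("ok", target, "")
    # A zone file appends its origin to any name written without a trailing
    # dot, so look for the expected domain followed by a suffix of the owner.
    cut = dotted.find(expected)
    if cut != -1:
        end = cut + len(expected)
        appended = dotted[end:]
        if appended and ("." + owner).endswith("." + appended):
            return Finding("origin-appended", dotted[1:end], appended)
    return Finding("wrong-target", target, "")


# Answer line from the thread, plus a constructed line for the corrected record.
BROKEN = ("_acme-challenge.kolaboratu.int.cines.teledetection.fr. 295 IN CNAME "
          "02f0fda4-ed22-4ffa-ac8e-29ab06ba113c.auth.acme-dns.io."
          "int.cines.teledetection.fr.")
FIXED = ("_acme-challenge.kolaboratu.int.cines.teledetection.fr. 295 IN CNAME "
         "02f0fda4-ed22-4ffa-ac8e-29ab06ba113c.auth.acme-dns.io.")

if __name__ == "__main__":
    for answer in (BROKEN, FIXED):
        print(check_delegation(answer, "auth.acme-dns.io"))
```

Running it against each `_acme-challenge` CNAME before requesting a certificate catches the relativized target without waiting for the CA's NXDOMAIN error.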

Using this online tool https://letsdebug.net/ can be of help; here are the results I got: Let's Debug. Please review them.

A side note:
Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher. Rate Limits are per week (rolling).

2 Likes

Note that error is for the apex domain but they are not requesting that name in the cert. All names in the cert were for various levels of subdomains of that. If they don't plan to use the apex name (and it doesn't look like they are), the missing A/AAAA records are expected.

3 Likes

Sorry, missed that; however, the DNS-01 challenge is also having issues. Results here: Let's Debug

1 Like

Yes, and I already posted a link to DNSViz which describes some DNS errors for the domain names in question.

3 Likes

I probably should drink more :coffee: before reading . . . :roll_eyes:

3 Likes
