Hi,
I’m writing a new ACME client for our purposes. In our case we mostly use the DNS challenge. While finalizing the order, it shows invalid and it shows “Incorrect TXT record”.
I have provided my debug log below:
challengeTypes: [ 'dns-01' ],
auth:
{ identifier: [Object],
hostname: 'kuyil.net',
type: 'dns-01',
token: 'cbf2bb00b188b2cb7dc41a317fda8451',
thumbprint: 'R4iggq1wYucZQ_tLOfRWB2wxH-7DfjS4ehx23itG_Og',
keyAuthorization:
'cbf2bb00b188b2cb7dc41a317fda8451.R4iggq1wYucZQ_tLOfRWB2wxH-7DfjS4ehx23itG_Og',
dnsAuthorization: 'w1YuxWJUAjlyAe-5C4Nd00ZNEIuR9a9sE2PRtX3TObM' } } }
[acme-client] DEBUG Finalize Challenge verification.
[DEBUG] newOrder
https://acme-staging-v02.api.letsencrypt.org/acme/order/8985046/31442349
{ statusCode: 201,
body:
{ status: 'pending',
expires: '2019-04-28T10:05:19.806345998Z',
identifiers: [ [Object] ],
authorizations:
[ 'https://acme-staging-v02.api.letsencrypt.org/acme/authz/E3avy4tegV9mUT5TeA-ms8LBgIntmmNN-FxeqxOfZCw' ],
finalize:
'https://acme-staging-v02.api.letsencrypt.org/acme/finalize/8985046/31442349' },
headers:
{ server: 'nginx',
'content-type': 'application/json',
'content-length': '382',
'boulder-requester': '8985046',
link:
'<https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"',
location:
'https://acme-staging-v02.api.letsencrypt.org/acme/order/8985046/31442349',
'replay-nonce': 'ej0uy8RwGaNsSmeZMBL5LSvqTOTRJ-Qc4KAmzOo85Ac',
'x-frame-options': 'DENY',
'strict-transport-security': 'max-age=604800',
expires: 'Sun, 21 Apr 2019 10:05:19 GMT',
'cache-control': 'max-age=0, no-cache, no-store',
pragma: 'no-cache',
date: 'Sun, 21 Apr 2019 10:05:19 GMT',
connection: 'close' },
request:
{ uri:
Url {
protocol: 'https:',
slashes: true,
auth: null,
host: 'acme-staging-v02.api.letsencrypt.org',
port: null,
hostname: 'acme-staging-v02.api.letsencrypt.org',
hash: null,
search: null,
query: null,
pathname: '/acme/new-order',
path: '/acme/new-order',
href:
'https://acme-staging-v02.api.letsencrypt.org/acme/new-order' },
method: 'POST',
headers:
{ 'Content-Type': 'application/jose+json',
'Content-Length': 734 } } }
[acme-v2] POST newOrder has authorizations
[DEBUG] getChallenges
[acme-v2.js] challenge accepted!
{ server: 'nginx',
'content-type': 'application/json',
'content-length': '229',
'boulder-requester': '8985046',
link:
'<https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/authz/E3avy4tegV9mUT5TeA-ms8LBgIntmmNN-FxeqxOfZCw>;rel="up"',
location:
'https://acme-staging-v02.api.letsencrypt.org/acme/challenge/E3avy4tegV9mUT5TeA-ms8LBgIntmmNN-FxeqxOfZCw/302086861',
'replay-nonce': 'YvJbmMlm9JwYNgWlHfhNp-WzNf0ioM4bX-DfxP4r6kk',
'x-frame-options': 'DENY',
'strict-transport-security': 'max-age=604800',
expires: 'Sun, 21 Apr 2019 10:05:20 GMT',
'cache-control': 'max-age=0, no-cache, no-store',
pragma: 'no-cache',
date: 'Sun, 21 Apr 2019 10:05:20 GMT',
connection: 'close' }
{ type: 'dns-01',
status: 'pending',
url:
'https://acme-staging-v02.api.letsencrypt.org/acme/challenge/E3avy4tegV9mUT5TeA-ms8LBgIntmmNN-FxeqxOfZCw/302086861',
token: 'CbwWE6IFeiwiioUxY3U5XmZm65H43S9B8rpLJB_w2-U' }
respond to challenge: resp.body:
{ type: 'dns-01',
status: 'pending',
url:
'https://acme-staging-v02.api.letsencrypt.org/acme/challenge/E3avy4tegV9mUT5TeA-ms8LBgIntmmNN-FxeqxOfZCw/302086861',
token: 'CbwWE6IFeiwiioUxY3U5XmZm65H43S9B8rpLJB_w2-U' }
[DEBUG] statusChallenge
(node:30843) UnhandledPromiseRejectionWarning: Error: [acme-v2] (E_STATE_INVALID) challenge state for 'kuyil.net': 'invalid'
Server response log:
{
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Incorrect TXT record \"w1YuxWJUAjlyAe-5C4Nd00ZNEIuR9a9sE2PRtX3TObM\" found at _acme-challenge.kuyil.net",
"status": 403
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/E3avy4tegV9mUT5TeA-ms8LBgIntmmNN-FxeqxOfZCw/302086861",
"token": "CbwWE6IFeiwiioUxY3U5XmZm65H43S9B8rpLJB_w2-U"
}
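
An added example, not part of the original post or of acme-v2.js: a Node.js check that recomputes the dns-01 TXT value per RFC 8555 (base64url of the SHA-256 of `token.thumbprint`, using the token from the server's challenge object) and compares it with what the client prepared. The input values are copied from the log above; `checkDns01` and the other function names are hypothetical.

```javascript
const crypto = require('crypto');

// RFC 8555 section 8.4: TXT value = base64url(SHA-256(keyAuthorization)), unpadded.
function dns01TxtValue(keyAuthorization) {
  return crypto.createHash('sha256').update(keyAuthorization, 'utf8')
    .digest('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// RFC 8555 section 8.1: keyAuthorization = token || '.' || account key thumbprint,
// where token is the one in the challenge object returned by the server.
function keyAuthorizationFor(serverToken, thumbprint) {
  return serverToken + '.' + thumbprint;
}

// Hypothetical helper: compare what the client prepared with what the server's
// challenge object requires, before asking the CA to validate.
function checkDns01(prepared, serverChallenge) {
  const expectedKeyAuth = keyAuthorizationFor(serverChallenge.token, prepared.thumbprint);
  const expectedTxt = dns01TxtValue(expectedKeyAuth);
  return {
    recordName: '_acme-challenge.' + prepared.hostname,
    tokenMatches: prepared.token === serverChallenge.token,
    keyAuthMatches: prepared.keyAuthorization === expectedKeyAuth,
    txtMatches: prepared.dnsAuthorization === expectedTxt,
    expectedTxt,
  };
}

// Values copied from the `auth` object in the debug log of the post.
const preparedFromLog = {
  hostname: 'kuyil.net',
  token: 'cbf2bb00b188b2cb7dc41a317fda8451',
  thumbprint: 'R4iggq1wYucZQ_tLOfRWB2wxH-7DfjS4ehx23itG_Og',
  keyAuthorization:
    'cbf2bb00b188b2cb7dc41a317fda8451.R4iggq1wYucZQ_tLOfRWB2wxH-7DfjS4ehx23itG_Og',
  dnsAuthorization: 'w1YuxWJUAjlyAe-5C4Nd00ZNEIuR9a9sE2PRtX3TObM',
};
// Challenge object as returned by the server in the same log.
const serverChallengeFromLog = {
  type: 'dns-01',
  token: 'CbwWE6IFeiwiioUxY3U5XmZm65H43S9B8rpLJB_w2-U',
};

console.log(checkDns01(preparedFromLog, serverChallengeFromLog));
```

With the values from the log, `tokenMatches` is false: the token in the `auth` object is not the token in the server's challenge object, and `expectedTxt` is the value the record at `recordName` would need to hold for that challenge.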