I am using @serverco’s getssl client to renew a certificate for one of my domains. However, the process is failing with “DNS problem: NXDOMAIN looking up TXT for _acme-challenge.s007.co”. I believe the issue is to do with the domain’s DNS being cached by the ACME servers, preventing it from issuing a certificate.
I have removed the token from the DNS after the failure (because otherwise the ACME servers won’t know which one to use the next time I run it) which is why you’re not seeing it.
The config and scripts work fine for every other domain I have; it is just this domain that has issues.
The ACME server will just check it is one of the values if there is more than one - so you don’t need to delete it for that reason (it is good to tidy up of course, but for testing it’s fine to leave it there).
Can you run it again please, leaving the token there, and provide a copy of the output of the script please (possibly in pastebin.com)?
All the spydar007.com domains are fine; the s007.co is a SANS and has worked fine previously.
It actually looks like the token is being incorrectly added to the zone file (it has three records, none of which correspond to the challenge in the paste).
This comes back to an issue I was having months ago where various people couldn’t access that domain, with an NXDOMAIN error. It’s almost as if the DNS nameservers are set incorrectly with the registrar (they aren’t, and I have checked with them and they have said everything is fine from their end), and that my DNS servers cannot be contacted.
I’ll have to investigate this further, but thanks for your help.
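The two failure modes discussed in this thread (NXDOMAIN for `_acme-challenge`, and TXT records present but none matching the challenge) can be told apart offline with the check below. It is an added example, not part of the thread or of getssl: the token, thumbprint and stale record values are constructed, `diagnose` is a hypothetical helper, and the rcode and TXT values are assumed to be read off a resolver query made separately.

```python
import base64
import hashlib

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses for digests."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def expected_txt(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.4: TXT = base64url(SHA-256(token "." thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

def diagnose(rcode: str, txt_values: list, expected: str) -> str:
    """Classify a lookup of _acme-challenge.<domain>.

    rcode and txt_values are what the resolver returned for the TXT query.
    """
    if rcode == "NXDOMAIN":
        # The name does not exist at all: record never published,
        # or the zone's delegation/nameservers are not answering for it.
        return "nxdomain"
    if rcode != "NOERROR":
        return "resolver-error"
    values = [v.strip().strip('"') for v in txt_values]
    if not values:
        return "nodata"      # name exists but has no TXT record
    if expected in values:
        return "ok"          # extra stale values alongside it are harmless
    return "mismatch"        # records exist, none is for this challenge

# Constructed sample data, not taken from the thread.
TOKEN = "constructed-token-AAAA"
THUMBPRINT = "constructed-thumbprint-BBBB"
STALE = ['"stale-value-1"', '"stale-value-2"', '"stale-value-3"']

if __name__ == "__main__":
    want = expected_txt(TOKEN, THUMBPRINT)
    print("expected TXT value:", want)
    print("three stale records only:", diagnose("NOERROR", STALE, want))
    print("stale plus current      :", diagnose("NOERROR", STALE + [want], want))
    print("name missing            :", diagnose("NXDOMAIN", [], want))
```

A "mismatch" points at the script that writes the zone, while "nxdomain" points at publication or delegation of the zone itself.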