Letsencrypt renew SSL failure with DNS problem: NXDOMAIN looking up TXT for _acme-challenge

hi guys i have a problem while performing ssl renewal

My domain is: kontrakhukum.com

I ran this command: sudo certbot certonly --cert-name kontrakhukum.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflareapi.cfg --server https://acme-v02.api.letsencrypt.org/directory -d “*.kontrakhukum.com” -d kontrakhukum.com

It produced this output:
dns-01 challenge for kontrakhukum.com
Unsafe permissions on credentials configuration file: /etc/letsencrypt/cloudflareapi.cfg
Starting new HTTPS connection (1): api.cloudflare.com
Waiting 10 seconds for DNS changes to propagate
Waiting for verification…
Challenge failed for domain kontrakhukum.com
dns-01 challenge for kontrakhukum.com
Cleaning up challenges
Starting new HTTPS connection (1): api.cloudflare.com
Some challenges have failed.


  • The following errors were reported by the server:

    Domain: kontrakhukum.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.kontrakhukum.com - check that a DNS record exists
    for this domain

My web server is (include version): nginx 1.17.6

The operating system my web server runs on is (include version): cent os 7

My hosting provider, if applicable, is: godaddy

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.4.0

1 Like

Your domain is not setup to use Cloudflare’s nameservers, it is using GoDaddy’s.

If you want to use Cloudflare, you need to login to your GoDaddy control panel and change the nameserver registration to those that Cloudflare has allocated you: https://www.godaddy.com/help/change-nameservers-for-my-domains-664

If you’ve already done that, you probably just need to wait it out, because the change hasn’t propagated to the .com nameservers yet.


Thanks for your insights about this, first i thought this was a problem only with txt challenge, but it turns out to changing the nameservers. I expect to renew my wildcard ssl with cloudflare because i think it will solve limit to issued the certificate.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.