Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: radek-test.zcom.cz
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
Debian
My hosting provider, if applicable, is:
From the last week automatically generating certificates using DNS stopped working. Now I try to figure out where the problem is. I am able to create an order: https://acme-v02.api.letsencrypt.org/acme/order/124904777/9969343491
I am able to set TXT record:
_acme-challenge.radek-test.zcom.cz. 300 IN TXT "uEJ0Lp_CRTauuR-lHeU5a-DasOo7S_e_M_Gww42oUEg"
But the order is still pending. Why is that? Am I missing something?
If I call verifyPendingOrderAuthorization nothing happened. Still pending. How can I force LE to do the verification?
Thank you
I changed the forum for this post from ClientDev to Help.
Your issue appears to either be a question about using this client, or a bug with it. I haven't seen issues regarding this client posted here before, so I think your best chance at getting help is to reach out to it's developers via GitHub issues. Someone here may know how to help, but your best option is going to be with that group.
You could also try using another client.
If an order is still "pending" it means there are still challenges left that have not been attempted. Orders switch to "ready" once all challenges have been successfully completed, or any challenge in the order has failed.
I'm interested to learn why LEClient suddenly fails to successfully check your DNS challenge?
Unfortunately I wasn't able to get LEClient working on my Gentoo system.. I'm not working with PHP that often any more and Composer isn't a regular thing on Gentoo systems, so I wasn't able to install it properly.. So I can't figure it out myself.
the lines @totoropy pointed to for the checkDNSChallenge -- are making/parsing a google public-dns json response. i would throw some print statements in there, to see what their response is. that would probably help isolate the issue. perhaps their systems can't read the dns (for any reasons) or perhaps their json format changed?
To me it looks like when they previously parsed the Google DNS query their object wrapped the answer value in quotes, which may have been a bug or a change in default behavior in PHPs json_decode - or their code just never worked. My last serious amount of development using PHP was in 1998, so I have no idea how it's supposed to handle JSON normally
My CertSage ACME client is written entirely in PHP. I wrote a wrapper around the stock JSON encode and decode functions to format correctly for the ACME transactions.