No TXT record found after long propagation wait

Help
1

Hello,
We have an issue on this TXT record for dns-01. We thought that it was just a propagation issue but we have tried all scenarios by trying to wait 10 sec, 60 sec, even over 4 hour straight on hold but unfortunately the _acme-challenge.tag-ip.com remains not found.

Anyone have already experienced this kind of issue? could anyone help on which part should we troubleshoot first?

Thanks

My domain is : tag-ip.com

I ran this command: # certbot certonly -v --dns-cloudflare --dns-cloudflare-propagation-seconds 60 --dns-cloudflare-credentials ~/.secrets/certbot/cloudfl
are.ini -d ".api.tag-ip.com" -d ".auth.tag-ip.com" -d ".forms.tag-ip.com" -d ".reporter.tag-ip.com" -d "*.tag-ip.com" -d "tag-ip.com"

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-cloudflare, Installer None

An RSA certificate named api.tag-ip.com already exists. Do you want to update
its key type to ECDSA?

(U)pdate key type/(K)eep existing key type: U
Renewing an existing certificate for *.api.tag-ip.com and 5 more domains
Performing the following challenges:
dns-01 challenge for tag-ip.com
Waiting 60 seconds for DNS changes to propagate
Waiting for verification...
Challenge failed for domain tag-ip.com
dns-01 challenge for tag-ip.com

Certbot failed to authenticate some domains (authenticator: dns-cloudflare). The Certificate Authority reported these problems:
Domain: tag-ip.com
Type: unauthorized
Detail: No TXT record found at _acme-challenge.tag-ip.com

Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-cloudflare. Ensure the above domains are hosted by this DNS p
rovider, or try increasing --dns-cloudflare-propagation-seconds (currently 60 seconds).

Cleaning up challenges
Some challenges have failed.

My web server is (include version): nginx

The operating system my web server runs on is (include version): Debian 10 strectch

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.8.0

2

Your client seems to be stuffing the TXT record without cleaning up. Try deleting the TXT record that's there and try again:

dig _acme-challenge.tag-ip.com -t TXT

; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> _acme-challenge.tag-ip.com -t TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38819
;; flags: qr rd ad; QUERY: 1, ANSWER: 65, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;_acme-challenge.tag-ip.com.    IN      TXT

;; ANSWER SECTION:
_acme-challenge.tag-ip.com. 0   IN      TXT     "2-dM-r03xEs_GGujkxQ2O23DyAHbrPhU3ei8-3RzbE4"
_acme-challenge.tag-ip.com. 0   IN      TXT     "2J2tsfZ6ZIa9XuIY3SpKDipBbPbWs4a5TtrZQWn3iOc"
_acme-challenge.tag-ip.com. 0   IN      TXT     "4248xdQXDyY3UXAaStnnajD84uRNC8hogqNebblis7c"
_acme-challenge.tag-ip.com. 0   IN      TXT     "6QL5ppCc3STKKD76D0YwVFCsdjF0pJImGLiIZG9dskQ"
_acme-challenge.tag-ip.com. 0   IN      TXT     "6tqb8-7h6ka0t1wjF9hC0Hd74trf7sx3CVqVQOdVTpo"
_acme-challenge.tag-ip.com. 0   IN      TXT     "7xoFjUjxp7cDtPP4u3GZFHH4nIhwCAD5ZH5QtTOxcp0"
_acme-challenge.tag-ip.com. 0   IN      TXT     "8JUF0Re3hAS9kR5ezwU4iW3583NNJ1Mv_ks5CSUhPfc"
_acme-challenge.tag-ip.com. 0   IN      TXT     "Ak7b4IdUGAWQzBDAj0J6Z0Da4MKdX_P1lGwG0efyhls"
_acme-challenge.tag-ip.com. 0   IN      TXT     "BLl1ifBjTxf9QqjaIottzQqCYy2NQhgtMBiGewO0Pj4"
_acme-challenge.tag-ip.com. 0   IN      TXT     "CGN3N_YWjRTXyhkJ9DKTX7bHq-ttri5eCkZ3TWC5L70"
_acme-challenge.tag-ip.com. 0   IN      TXT     "D2sD4cqQWzhrKdI4dzp0KNoDPA22ZtGHxlPNsbcuCws"
_acme-challenge.tag-ip.com. 0   IN      TXT     "DyRYGULHQRDF2fLXbfQgwtB5453vwZBZaQWlYbKXg7U"
_acme-challenge.tag-ip.com. 0   IN      TXT     "F1mXqIu0zhBGiBhT3c33ulemZe_cI6AMGH5S-ouWhM4"
_acme-challenge.tag-ip.com. 0   IN      TXT     "GQs8fxQl9wPncBQ7Jj2s8ClYz_HVQU4oT7YNTxRSE_Q"
_acme-challenge.tag-ip.com. 0   IN      TXT     "GZqdJTo1PpoUZDlzHEZ3APxLt9NzJfIFBNrc0j3bBpA"
_acme-challenge.tag-ip.com. 0   IN      TXT     "GxOGNKWzH9b1Gc2c7kEffaQ5WRRH2TVB9ud6UeAFiU4"
_acme-challenge.tag-ip.com. 0   IN      TXT     "H3_UZsNz2leJy825531T4wa4wOohNkyHGaUCHN-I6RM"
_acme-challenge.tag-ip.com. 0   IN      TXT     "HOJ293yvsr0D4x7DZ4kIb8azofOS7Cv2MSeLPysu20Y"
_acme-challenge.tag-ip.com. 0   IN      TXT     "HZPgl4r8UEEge4D0vgNpJpnWj1l1FzDjY7CQqCp_Z7c"
_acme-challenge.tag-ip.com. 0   IN      TXT     "I8jhZYM32xtN8JAK6ExkLDyaB7lZUOsyIDiim7iekKk"
_acme-challenge.tag-ip.com. 0   IN      TXT     "LLWqUOvJnaM8LZfFQvL5FVjHOF9bNfXbOhr_RiLiHOs"
_acme-challenge.tag-ip.com. 0   IN      TXT     "MFH8pRvFCpwdzvDVU0uM2qPsBARRi6bNXiqHs3-Dzy4"
_acme-challenge.tag-ip.com. 0   IN      TXT     "O4Y85SJGX3TB-3t3AArO0o_9c-bWTCmh6HNxpjinXHA"
_acme-challenge.tag-ip.com. 0   IN      TXT     "OcB4RJDlWuGV_THoAJVMj5njB_iUxKUYqBpsv58EZAA"
_acme-challenge.tag-ip.com. 0   IN      TXT     "PwGu1NyVNUQji_UTTy_cAYc9JjNxxHJZNWVwY1EFx5U"
_acme-challenge.tag-ip.com. 0   IN      TXT     "QHAISRytdLnyFYpFA0woNOkPhpM4-Pap41xpNRu4UzM"
_acme-challenge.tag-ip.com. 0   IN      TXT     "QUjxTgIYYHYf7FLc3WaI3QPhi_MTuAhkn30zS56FUjQ"
_acme-challenge.tag-ip.com. 0   IN      TXT     "QtTC3h2uwIIeBEHkrLF_zBiyplgM5tYXhTB0_sGD3Dk"
_acme-challenge.tag-ip.com. 0   IN      TXT     "S2ZTOQCoICgM9ES0GATWW6X4Kxay8h17cTTMOTeSbFU"
_acme-challenge.tag-ip.com. 0   IN      TXT     "ULzfvvSJ7ByKuQGZBLyqD_lbx8t-1YcumshDrSaPk5g"
_acme-challenge.tag-ip.com. 0   IN      TXT     "VFHK828tgM-b6811jYYNRxwEG4gHJtCAYWb0g-E46xs"
_acme-challenge.tag-ip.com. 0   IN      TXT     "VQzAZMAFFFx7M7xkvHJPBEpgjitAaHyzkqBUmaaEjAA"
_acme-challenge.tag-ip.com. 0   IN      TXT     "XTUaZrdGcjS2VVdxdVZ-7jr5NFzyF3reUKDfBhrPkek"
_acme-challenge.tag-ip.com. 0   IN      TXT     "XYnzNPGvZeUzqXRy8g2HLCI2JbORO9ogZb7xNeAnF58"
_acme-challenge.tag-ip.com. 0   IN      TXT     "ZCNXsM55vSeioufY-CSxUuX--LpxmdYr2lYtgFapwjQ"
_acme-challenge.tag-ip.com. 0   IN      TXT     "ZW-63rlM9__OKl1HOg97qsfs0SgcbAo4FnpgCwVC6mA"
_acme-challenge.tag-ip.com. 0   IN      TXT     "ZkA3lniRfB4zqCCOEmyAL9awfdV1NPeggtr-U7QkgBA"
_acme-challenge.tag-ip.com. 0   IN      TXT     "aJXxszuAb-0_KkQH2m-nmJ3-qxuDh2mH4KOpHbsM2Lo"
_acme-challenge.tag-ip.com. 0   IN      TXT     "aMn1A1c4jstT5jhbuhZqoUt8lB8pBgq2gIE0Sxa65hI"
_acme-challenge.tag-ip.com. 0   IN      TXT     "aOqixgxll62r5mueipT9uxlUUxYWHVvipVlV5ePWAdI"
_acme-challenge.tag-ip.com. 0   IN      TXT     "ay0qTqw9-R0b5oPcMvLfGzGN3AoHusYYC7iRilcY0zg"
_acme-challenge.tag-ip.com. 0   IN      TXT     "bPZyt0hJmAs3L2XQp4jVx7sxoQqG9JGaeZ3rGeHqEVQ"
_acme-challenge.tag-ip.com. 0   IN      TXT     "bppKc1v6zRy3Xc1QrQnH2cHwC8ETyUqsTliDc7c9B8w"
_acme-challenge.tag-ip.com. 0   IN      TXT     "eTVU5wA5hbc9L_Iy0nC0oYRZn135brbjBoB2NNkpUp4"
_acme-challenge.tag-ip.com. 0   IN      TXT     "fQQiyB26zZjPUEEl4T6boeCiesTkMy8Jf7Qf78gmkjU"
_acme-challenge.tag-ip.com. 0   IN      TXT     "fuMDinuJTzpePhx3MfFBVktZbKqZ1DkjyiuQcNNLgw0"
_acme-challenge.tag-ip.com. 0   IN      TXT     "gIbq-ulqre8zkjGB3kvlvn_HlzHB_d52Z4nGDdBraW8"
_acme-challenge.tag-ip.com. 0   IN      TXT     "gKFYhiMXK_5MDw6XE7ZrhzXG7zW-PMDEx0J9xMjbieM"
_acme-challenge.tag-ip.com. 0   IN      TXT     "hLYvRXfCbLfbTWlKGqA-xEOgOEOOOvAbWe4i4hplk7s"
_acme-challenge.tag-ip.com. 0   IN      TXT     "hniNIQr2skbp_L2CJaGuAl6ncZ5Y28qGsmaFS_3G5kg"
_acme-challenge.tag-ip.com. 0   IN      TXT     "iVsKC2E5F4GLXF1sMzxVR5KW3-876A65UYDzgZXlYas"
_acme-challenge.tag-ip.com. 0   IN      TXT     "lGd_glFlJSfifwBuqPoOkpkRQURHBRX1XEV5vepSXtA"
_acme-challenge.tag-ip.com. 0   IN      TXT     "mNN1X2dyO0J5Tnot2RwYJAYQ8BtADZ9n24CMT4TGgMg"
_acme-challenge.tag-ip.com. 0   IN      TXT     "o2izqbYOD8iXeAj8c0t43thZ7_RSoY9pLyFz9M63lfQ"
_acme-challenge.tag-ip.com. 0   IN      TXT     "oyPHI_NwPxR7V72q3W-NVuWjq6KDpQd2GVYMHlpDZto"
_acme-challenge.tag-ip.com. 0   IN      TXT     "q7l8X7nGQKrXoiZ6zrYQgZwJQWtu9WhXDX-JdlWwLxQ"
_acme-challenge.tag-ip.com. 0   IN      TXT     "qCZVp_iV93LDXzNiokDQWTuJ9tXNCKLJLqKwScCNAnQ"
_acme-challenge.tag-ip.com. 0   IN      TXT     "qJ2MW-WT3ePEn8BNS01Lts2PAiQye-CAecrOKs46RnQ"
_acme-challenge.tag-ip.com. 0   IN      TXT     "rIsJmFyL6MpOxyKcjlPfeAYxvK8qGm5_a76pY75yydU"
_acme-challenge.tag-ip.com. 0   IN      TXT     "u9Yph_B2m0odRITRmhAaqL0lifNfI2znl-MpcRj2Stw"
_acme-challenge.tag-ip.com. 0   IN      TXT     "uJDkMHpCAQWJ5PukJIDydTRAzIrAr7YtuoUwD2CUPoo"
_acme-challenge.tag-ip.com. 0   IN      TXT     "uvDqH1QVmiu2jf3rtOnnWLhOJFIa3RTLtm1p2y4oHC4"
_acme-challenge.tag-ip.com. 0   IN      TXT     "xLdWwR-7IXQH0dbzcuneuKCfKrcYo_cffVydNSuDL3o"
_acme-challenge.tag-ip.com. 0   IN      TXT     "y98HIBYj1kDr3ZPAsBiIVlERAn71szmcRrBKfCuSJ88"
_acme-challenge.tag-ip.com. 0   IN      TXT     "ydnqBuuD4qVX8mxKA2fPcXEv9Dk5-uZkXe_8SVcAt0M"
3 Likes
3

you are using bookmyname.com as main nameserver but added CNAME at _acme-challenge subdomain to cloudflare : that setting need additnal setup, not sure certbot have that option

2 Likes
4

I've already removed some TXT records related to this but I was pretty concerned for the existing TXT which the domain were still using. But I guess I was wrong, past trauma may haunt your future health, :grin:
I had to remove all remaining TXT and that's all, it did run perfectly.
Thanks to you @webprofusion

3 Likes
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.