Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: time4living.net
I ran this command: not directly. I’m using “traefik” and “acme-dns” as docker container running on a qnap nas. More details following later
It produced this output: TXT record not found
My web server is (include version): Apache, not sure about the version
The operating system my web server runs on is (include version): Linux, also version not known
My hosting provider, if applicable, is: United Domains
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): traefik 1.7.14
Hopefully anybody of you can help. I think the problem could be related to the configuration of DNS entries.
I have a qnap nas with running traefik docker, who is taking care of getting the certificates. traefik uses acme to get the certificates. I switched over to the dns challenge because I do not have a static IP address. As my provider United domains doesn’t have the possibility to update the TXT fields automatically I needed to create an own little name server. Therefore I have acme-dns running as docker.
Following the documentation I was able to get the things running, but only if I’m using A-records.
The following configuration with A-Records is working:
Configuration in United Domains, creating a subdomain for the acme-dns.
auth.time4living.net NS starXYZ.myqnapcloud.com
This entry is pointing to my nas. starXYZ.myqnapcloud.com is a DDNS
acme-dns was configured as following:
This leads to a soa record: auth.time4living.net. IN SOA starXYZ.myqnapcloud.com. email@example.com.
Beside that SOA I configured the following entries:
auth.time4living.net. IN NS starXYZ.myqnapcloud.com.
auth.time4living.net. IN A 79.x.y.z
So everything is working and I am able to get new certificates.
The a-record is needed as site is used as auth.time4living.net/register to get the relevant data for the TXT fields.
The recevied data, which i can see in the output of traefik is added to the United domains records.
This looks like:
_acme-challenge.traefik.time4living.net. IN CNAME GUID.auth.time4living.net (where guid is a generated guid given from acme-dns.
After this i restart traefik and once done I am able to get a certificate.
Once done I’m still able to receive a guid domain for new domains I want to have a certificate. Still I’m creating the DNS record in United domains and I am restarting traefik to do the validation.
In acme-dns I see that there are some requests, but compared to the A-record version there a less requests leading the the message, that the TXT-record couldn’t be received from ns.udag.de, which is one name server of United domains.
Therefore it looks like that for some reason LetsEncrypt is maybe falling back to the name server from United domains.
Is there anything wrong in the DNS records?
Is there anything missing?
Or is it not possible in the way I want to use the dns challenge and it is necessary to use an A-record.
I hope you could help. I don’t have any ideas what to do to solve that problem in my configuration with a qnap nas, United domains, traefik and acme-dns using the dns-challenge.
Thanks a lot.