NXDOMAIN looking up TXT for _acme-challenge.ch.cryptospaceus.com

I'm following this guide: Easy, Let’s Encrypt Certificates on AWS | HackerNoon which, unfortunately provides no guidance on how to set up the DNS. I understand that I need to create a TXT record for the challenge to succeed. what I don't know is what value to use. where to get that. help?

My domain is: cryptospaceus.com

I ran this command:

DN=cryptospaceus.com
certbot certonly --non-interactive --manual \
      --manual-auth-hook "./auth-hook.sh UPSERT $DN" \
      --manual-cleanup-hook "./auth-hook.sh DELETE $DN" \
      --preferred-challenge dns \
      --config-dir "./letsencrypt" \
      --work-dir "./letsencrypt" \
      --logs-dir "./letsencrypt" \
      --agree-tos \
      --manual-public-ip-logging-ok \
      --domains ch.$DN \
      --email admin@cryptospace.exchange

where the auth hook is defined in the guide I'm following

It produced this output:

Saving debug log to /home/ubuntu/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for ch.cryptospaceus.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ch.cryptospaceus.com (dns-01): urn:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ch.cryptospaceus.com

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: ch.cryptospaceus.com
  Type: None
  Detail: DNS problem: NXDOMAIN looking up TXT for
  _acme-challenge.ch.cryptospaceus.com

My web server is (include version): nginx/1/14.0

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
WIX

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): v0.23.0

Hi @ekkis

looks like you have found a solution ( https://check-your-website.server-daten.de/?q=ch.cryptospaceus.com ):

There is a new certificate:

and a good-looking TXT entry:

. TXT - Entries

But I can't see if you use that certificate, https has a timeout.

But if this is an internal domain, that's not a problem.

thanks for replying. I think the thing is the guide I was following is designed to create certificates when your domain is hosted at AWS because the scripts it provides use the AWS CLI to do the work. in my case, my service is hosted on AWS but the domain is at WIX so the script isn’t going to work. so now I need to figure out what the standard way of creating certs is.

I tried running certbox without the automation for AWS and it gave me a code I could use to put in the TXT record but then WIX takes forever to make the record available and the certbox waits but I had to cancel, so now I have to do it again

is there a way I can get certbot to give me the value it wants such that I can come back later (when the record is available) and generate the certs?

That can't work. Your nameserver ( https://check-your-website.server-daten.de/?q=ch.cryptospaceus.com ):

ch.cryptospaceus.com
	•  ns2.wixdns.net
	216.239.36.100	•

but the scrit tries to contact aws. Does Wix support a nameserver API? If not, you have to use --manual, that should always work. But you can't automate that.

Isn't it possible to have a running webserver there?

http is blocked, so change your firewall settings.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.