Order status invalid even if correct DNS records are added

Greetings,

When trying to verify DNS authorizations, checking the _acme-challenge succeeds locally, but ACME returns the order status as invalid and DNS verification fails. Can someone please point out why DNS verification is not succeeding here and what's causing the invalid order status? We even tried to validate the DNS challenge a few hours after adding the _acme-challenge TXT record to DNS.

The full log is attached below.



https://dns.google.com/resolve?name=_acme-challenge.brendamc.com&type=TXT should return h6OZjIyAIsPFMLYHtdurQmulflraFfEwLq6mY4mBawg -> OK


https://dns.google.com/resolve?name=_acme-challenge.brendamc.com&type=TXT should return zEvJkFQ8V6LRuAOBo2SEDnK-6Mp9F9S-r5xpOxl9tPg -> OK

**Local check - All DNS challenges verified**

[20-01-2022 11:09:24] :
Array
(
[request] => GET https://acme-staging-v02.api.letsencrypt.org/directory
[header] => HTTP/2 200
server: nginx
date: Thu, 20 Jan 2022 11:09:24 GMT
content-type: application/json
content-length: 822
cache-control: public, max-age=0, no-cache
x-frame-options: DENY
strict-transport-security: max-age=604800


[status] => 200
[body] => Array
(
[VhuX4vvZaaA] => https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417
[keyChange] => https://acme-staging-v02.api.letsencrypt.org/acme/key-change
[meta] => Array
(
[caaIdentities] => Array
(
[0] => letsencrypt.org
)

[termsOfService] => https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
[website] => https://letsencrypt.org/docs/staging-environment/
)

[newAccount] => https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[newNonce] => https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[newOrder] => https://acme-staging-v02.api.letsencrypt.org/acme/new-order
[renewalInfo] => https://acme-staging-v02.api.letsencrypt.org/get/draft-aaron-ari/renewalInfo/
[revokeCert] => https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
)

)


[20-01-2022 11:09:24] :
Array
(
[request] => HEAD https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[header] => HTTP/2 200
server: nginx
date: Thu, 20 Jan 2022 11:09:24 GMT
cache-control: public, max-age=0, no-cache
link: ;rel="index"
replay-nonce: 0001I4DB1ltqnCpapommIcKITl9Xr8ekDyx1WdjiKXNbjgY
x-frame-options: DENY
strict-transport-security: max-age=604800


[status] => 200
[body] =>
)


[20-01-2022 11:09:24] :
Array
(
[request] => POST https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[header] => HTTP/2 200
server: nginx
date: Thu, 20 Jan 2022 11:09:24 GMT
content-type: application/json
content-length: 897
boulder-requester: 41145468
cache-control: public, max-age=0, no-cache
link: ;rel="index"
location: https://acme-staging-v02.api.letsencrypt.org/acme/acct/41145468
replay-nonce: 0001OztoQVGhdXWBPkBEHdg3tZvSP5IL2N4WZMKl-dI6-0w
x-frame-options: DENY
strict-transport-security: max-age=604800


[status] => 200
[body] => Array
(
[key] => Array
(
[kty] => RSA
[n] => r9KKIANy7AXWYPkvJjRYO9E28XYgw7_0vXRMIRUm7uBJG7_4w_2t9aKw6HD7nvHDUCj4UwvP4pTd1tB9FBFBQMD2kVlVedLm1seeatz3aXlARLzk6tPqG0PPwslrMZsGZdH368J1yLrWoAhn-MwZP2lLlA9GaJ5KYNTc9bZnCvDUnnIjOx1f9wkgq3QMRLFEzBHc2zDVGzsiQ9SwzojyBhxGaLCSN_NpBTEypTbW5eJu5zox4N2i7hegR0eU-fzs6uE2ZJu7qyJixs89AI9CwO6rzqnEjB34qA38TXauYxp6SU_jo11qSMWsbsnopbAFnOP3htfV0CxkDgwXjz595gTC8e6xb6egiCSnDGN4_-jC3KInx0uHsF8ZUBCBN5U_HiNDQjGizpFC2UoWAZK9vh3OwDb9p7k1G808Kz4GmUi6sLCs4Gjp5TD_eEjbsHhcwa_YJ9q_S76GHj8WJwur6HUlB8T8Vn3vX8Th7r2HstEsAOw4ojFyyKd2iZu7zqOmZc5jfRhtuLBNxlUHXGCzh3UhZR6dOizs_En-CIlPRjp4zHl1mlsmwia-4YtehE1EJuNZwixobaTpB1_abkzTZhVGThgSvb64ttr4bDGot2J7rI3qNdRr7Q7cUHrCtsHvtoyYSRj4xBrw2cf3Z3vTBUehiQp3Im9mR_qBDWIW198
[e] => AQAB
)

[contact] => Array
(
[0] => mailto:brendamc@brendamc.com
)

[initialIp] => 209.182.193.192
[createdAt] => 2022-01-20T09:02:21Z
[status] => valid
)

)


[20-01-2022 11:09:24] :
Array
(
[request] => POST https://acme-staging-v02.api.letsencrypt.org/acme/acct/41145468
[header] => HTTP/2 200
server: nginx
date: Thu, 20 Jan 2022 11:09:24 GMT
content-type: application/json
content-length: 897
boulder-requester: 41145468
cache-control: public, max-age=0, no-cache
link: ;rel="index"
link: ;rel="terms-of-service"
replay-nonce: 0001eqcDxhgDIXW_IbXC0GNh1v1CVzpsyc0pp2m3BbTy1T0
x-frame-options: DENY
strict-transport-security: max-age=604800


[status] => 200
[body] => Array
(
[key] => Array
(
[kty] => RSA
[n] => r9KKIANy7AXWYPkvJjRYO9E28XYgw7_0vXRMIRUm7uBJG7_4w_2t9aKw6HD7nvHDUCj4UwvP4pTd1tB9FBFBQMD2kVlVedLm1seeatz3aXlARLzk6tPqG0PPwslrMZsGZdH368J1yLrWoAhn-MwZP2lLlA9GaJ5KYNTc9bZnCvDUnnIjOx1f9wkgq3QMRLFEzBHc2zDVGzsiQ9SwzojyBhxGaLCSN_NpBTEypTbW5eJu5zox4N2i7hegR0eU-fzs6uE2ZJu7qyJixs89AI9CwO6rzqnEjB34qA38TXauYxp6SU_jo11qSMWsbsnopbAFnOP3htfV0CxkDgwXjz595gTC8e6xb6egiCSnDGN4_-jC3KInx0uHsF8ZUBCBN5U_HiNDQjGizpFC2UoWAZK9vh3OwDb9p7k1G808Kz4GmUi6sLCs4Gjp5TD_eEjbsHhcwa_YJ9q_S76GHj8WJwur6HUlB8T8Vn3vX8Th7r2HstEsAOw4ojFyyKd2iZu7zqOmZc5jfRhtuLBNxlUHXGCzh3UhZR6dOizs_En-CIlPRjp4zHl1mlsmwia-4YtehE1EJuNZwixobaTpB1_abkzTZhVGThgSvb64ttr4bDGot2J7rI3qNdRr7Q7cUHrCtsHvtoyYSRj4xBrw2cf3Z3vTBUehiQp3Im9mR_qBDWIW198
[e] => AQAB
)

[contact] => Array
(
[0] => mailto:brendamc@brendamc.com
)

[initialIp] => 209.182.193.192
[createdAt] => 2022-01-20T09:02:21Z
[status] => valid
)

)


[20-01-2022 11:09:24] :
LEClient finished constructing


[20-01-2022 11:09:24] :
GET OR CREATE ORDER: ["brendamc.com","*.brendamc.com"]

[20-01-2022 11:09:24] :
Array
(
[request] => POST https://acme-staging-v02.api.letsencrypt.org/acme/order/41145468/1582410378
[header] => HTTP/2 200
server: nginx
date: Thu, 20 Jan 2022 11:09:24 GMT
content-type: application/json
content-length: 491
cache-control: public, max-age=0, no-cache
link: ;rel="index"
replay-nonce: 0001_pIGofH6_B-3JhZ6y97H1TjOGFeQHCsT-Idntsyugwk
x-frame-options: DENY
strict-transport-security: max-age=604800


[status] => 200
[body] => Array
(
[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[identifiers] => Array
(
[0] => Array
(
[type] => dns
[value] => *.brendamc.com
)

[1] => Array
(
[type] => dns
[value] => brendamc.com
)

)

[authorizations] => Array
(
[0] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911868
[1] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911878
)

[finalize] => https://acme-staging-v02.api.letsencrypt.org/acme/finalize/41145468/1582410378
)

)


[20-01-2022 11:09:24] :
Array
(
[request] => POST https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911868
[header] => HTTP/2 200
server: nginx
date: Thu, 20 Jan 2022 11:09:24 GMT
content-type: application/json
content-length: 641
boulder-requester: 41145468
cache-control: public, max-age=0, no-cache
link: ;rel="index"
replay-nonce: 0002lOBi3QdyBIwyAudjGj6-iUjmmUp0EXqtAiEsWFWtZx0
x-frame-options: DENY
strict-transport-security: max-age=604800


[status] => 200
[body] => Array
(
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911868/x_NAtg
[token] => SX7Ur9LbblnS6ThFUm1w0xKOzrQb8yeYQ-PySMr5UCI
[validated] => 2022-01-20T09:02:23Z
)

)

[wildcard] => 1
)

)


[20-01-2022 11:09:25] :
Array
(
[request] => POST https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911878
[header] => HTTP/2 200
server: nginx
date: Thu, 20 Jan 2022 11:09:25 GMT
content-type: application/json
content-length: 664
boulder-requester: 41145468
cache-control: public, max-age=0, no-cache
link: ;rel="index"
replay-nonce: 0002sKLsPPLlzlsWVo1flZcZEjbSZnYpboFWOdrhHgPl2fc
x-frame-options: DENY
strict-transport-security: max-age=604800


[status] => 200
[body] => Array
(
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "AqCddpJLCbbU9zsBfYSP7Np-RG15UFPvu90VkV4VIkg" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911878/WMd4QA
[token] => zGJtxWhgj1lquDR8myJ04aGzj3bGWHIJIiNXtvPsiyE
[validated] => 2022-01-20T09:02:24Z
)

)

)

)


[20-01-2022 11:09:25] :
Array
(
[0] => WPLEClient\LEAuthorization Object
(
[connector:WPLEClient\LEAuthorization:private] => WPLEClient\LEConnector Object
(
[baseURL] => https://acme-staging-v02.api.letsencrypt.org
[accountKeys] => Array
(
[private_key] => /home/brendamc/public_html/keys//__account//private.pem
[public_key] => /home/brendamc/public_html/keys//__account//public.pem
)

[nonce:WPLEClient\LEConnector:private] => 0002sKLsPPLlzlsWVo1flZcZEjbSZnYpboFWOdrhHgPl2fc
[keyChange] => https://acme-staging-v02.api.letsencrypt.org/acme/key-change
[newAccount] => https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[newNonce] => https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[newOrder] => https://acme-staging-v02.api.letsencrypt.org/acme/new-order
[revokeCert] => https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
[accountURL] => https://acme-staging-v02.api.letsencrypt.org/acme/acct/41145468
[accountDeactivated] =>
[log:WPLEClient\LEConnector:private] => 2
)

[authorizationURL] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911868
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911868/x_NAtg
[token] => SX7Ur9LbblnS6ThFUm1w0xKOzrQb8yeYQ-PySMr5UCI
[validated] => 2022-01-20T09:02:23Z
)

)

[log:WPLEClient\LEAuthorization:private] => 2
)

[1] => WPLEClient\LEAuthorization Object
(
[connector:WPLEClient\LEAuthorization:private] => WPLEClient\LEConnector Object
(
[baseURL] => https://acme-staging-v02.api.letsencrypt.org
[accountKeys] => Array
(
[private_key] => /home/brendamc/public_html/keys//__account//private.pem
[public_key] => /home/brendamc/public_html/keys//__account//public.pem
)

[nonce:WPLEClient\LEConnector:private] => 0002sKLsPPLlzlsWVo1flZcZEjbSZnYpboFWOdrhHgPl2fc
[keyChange] => https://acme-staging-v02.api.letsencrypt.org/acme/key-change
[newAccount] => https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[newNonce] => https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[newOrder] => https://acme-staging-v02.api.letsencrypt.org/acme/new-order
[revokeCert] => https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
[accountURL] => https://acme-staging-v02.api.letsencrypt.org/acme/acct/41145468
[accountDeactivated] =>
[log:WPLEClient\LEConnector:private] => 2
)

[authorizationURL] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911878
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "AqCddpJLCbbU9zsBfYSP7Np-RG15UFPvu90VkV4VIkg" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911878/WMd4QA
[token] => zGJtxWhgj1lquDR8myJ04aGzj3bGWHIJIiNXtvPsiyE
[validated] => 2022-01-20T09:02:24Z
)

)

[log:WPLEClient\LEAuthorization:private] => 2
)

)


[20-01-2022 11:09:25] :
Array
(
[0] => WPLEClient\LEAuthorization Object
(
[connector:WPLEClient\LEAuthorization:private] => WPLEClient\LEConnector Object
(
[baseURL] => https://acme-staging-v02.api.letsencrypt.org
[accountKeys] => Array
(
[private_key] => /home/brendamc/public_html/keys//__account//private.pem
[public_key] => /home/brendamc/public_html/keys//__account//public.pem
)

[nonce:WPLEClient\LEConnector:private] => 0002sKLsPPLlzlsWVo1flZcZEjbSZnYpboFWOdrhHgPl2fc
[keyChange] => https://acme-staging-v02.api.letsencrypt.org/acme/key-change
[newAccount] => https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[newNonce] => https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[newOrder] => https://acme-staging-v02.api.letsencrypt.org/acme/new-order
[revokeCert] => https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
[accountURL] => https://acme-staging-v02.api.letsencrypt.org/acme/acct/41145468
[accountDeactivated] =>
[log:WPLEClient\LEConnector:private] => 2
)

[authorizationURL] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911868
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911868/x_NAtg
[token] => SX7Ur9LbblnS6ThFUm1w0xKOzrQb8yeYQ-PySMr5UCI
[validated] => 2022-01-20T09:02:23Z
)

)

[log:WPLEClient\LEAuthorization:private] => 2
)

[1] => WPLEClient\LEAuthorization Object
(
[connector:WPLEClient\LEAuthorization:private] => WPLEClient\LEConnector Object
(
[baseURL] => https://acme-staging-v02.api.letsencrypt.org
[accountKeys] => Array
(
[private_key] => /home/brendamc/public_html/keys//__account//private.pem
[public_key] => /home/brendamc/public_html/keys//__account//public.pem
)

[nonce:WPLEClient\LEConnector:private] => 0002sKLsPPLlzlsWVo1flZcZEjbSZnYpboFWOdrhHgPl2fc
[keyChange] => https://acme-staging-v02.api.letsencrypt.org/acme/key-change
[newAccount] => https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[newNonce] => https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[newOrder] => https://acme-staging-v02.api.letsencrypt.org/acme/new-order
[revokeCert] => https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
[accountURL] => https://acme-staging-v02.api.letsencrypt.org/acme/acct/41145468
[accountDeactivated] =>
[log:WPLEClient\LEConnector:private] => 2
)

[authorizationURL] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911878
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "AqCddpJLCbbU9zsBfYSP7Np-RG15UFPvu90VkV4VIkg" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911878/WMd4QA
[token] => zGJtxWhgj1lquDR8myJ04aGzj3bGWHIJIiNXtvPsiyE
[validated] => 2022-01-20T09:02:24Z
)

)

[log:WPLEClient\LEAuthorization:private] => 2
)

)


GET PENDING AUTHS: false
[20-01-2022 11:09:25] :
Array
(
[request] => POST https://acme-staging-v02.api.letsencrypt.org/acme/order/41145468/1582410378
[header] => HTTP/2 200
server: nginx
date: Thu, 20 Jan 2022 11:09:25 GMT
content-type: application/json
content-length: 491
cache-control: public, max-age=0, no-cache
link: ;rel="index"
replay-nonce: 000206EJ3bd7zUdAK0oKHoR1QI5m1bp8XxSx9iLbq9Lrvw0
x-frame-options: DENY
strict-transport-security: max-age=604800


[status] => 200
[body] => Array
(
[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[identifiers] => Array
(
[0] => Array
(
[type] => dns
[value] => *.brendamc.com
)

[1] => Array
(
[type] => dns
[value] => brendamc.com
)

)

[authorizations] => Array
(
[0] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911868
[1] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911878
)

[finalize] => https://acme-staging-v02.api.letsencrypt.org/acme/finalize/41145468/1582410378
)

)


[20-01-2022 11:09:25] :
Array
(
[request] => POST https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911868
[header] => HTTP/2 200
server: nginx
date: Thu, 20 Jan 2022 11:09:25 GMT
content-type: application/json
content-length: 641
boulder-requester: 41145468
cache-control: public, max-age=0, no-cache
link: ;rel="index"
replay-nonce: 0002EGxAYhom1hEzP1UzKwuE-4pE95-MEaFAujE0VhQp-Ew
x-frame-options: DENY
strict-transport-security: max-age=604800


[status] => 200
[body] => Array
(
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911868/x_NAtg
[token] => SX7Ur9LbblnS6ThFUm1w0xKOzrQb8yeYQ-PySMr5UCI
[validated] => 2022-01-20T09:02:23Z
)

)

[wildcard] => 1
)

)


[20-01-2022 11:09:25] :
Array
(
[request] => POST https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911878
[header] => HTTP/2 200
server: nginx
date: Thu, 20 Jan 2022 11:09:25 GMT
content-type: application/json
content-length: 664
boulder-requester: 41145468
cache-control: public, max-age=0, no-cache
link: ;rel="index"
replay-nonce: 0002jLBeAmzEF6rAFR5keMRrbeLuoUsql8Pykmp6OS2Pldc
x-frame-options: DENY
strict-transport-security: max-age=604800


[status] => 200
[body] => Array
(
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "AqCddpJLCbbU9zsBfYSP7Np-RG15UFPvu90VkV4VIkg" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911878/WMd4QA
[token] => zGJtxWhgj1lquDR8myJ04aGzj3bGWHIJIiNXtvPsiyE
[validated] => 2022-01-20T09:02:24Z
)

)

)

)


[20-01-2022 11:09:25] :
Array
(
[0] => WPLEClient\LEAuthorization Object
(
[connector:WPLEClient\LEAuthorization:private] => WPLEClient\LEConnector Object
(
[baseURL] => https://acme-staging-v02.api.letsencrypt.org
[accountKeys] => Array
(
[private_key] => /home/brendamc/public_html/keys//__account//private.pem
[public_key] => /home/brendamc/public_html/keys//__account//public.pem
)

[nonce:WPLEClient\LEConnector:private] => 0002jLBeAmzEF6rAFR5keMRrbeLuoUsql8Pykmp6OS2Pldc
[keyChange] => https://acme-staging-v02.api.letsencrypt.org/acme/key-change
[newAccount] => https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[newNonce] => https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[newOrder] => https://acme-staging-v02.api.letsencrypt.org/acme/new-order
[revokeCert] => https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
[accountURL] => https://acme-staging-v02.api.letsencrypt.org/acme/acct/41145468
[accountDeactivated] =>
[log:WPLEClient\LEConnector:private] => 2
)

[authorizationURL] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911868
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911868/x_NAtg
[token] => SX7Ur9LbblnS6ThFUm1w0xKOzrQb8yeYQ-PySMr5UCI
[validated] => 2022-01-20T09:02:23Z
)

)

[log:WPLEClient\LEAuthorization:private] => 2
)

[1] => WPLEClient\LEAuthorization Object
(
[connector:WPLEClient\LEAuthorization:private] => WPLEClient\LEConnector Object
(
[baseURL] => https://acme-staging-v02.api.letsencrypt.org
[accountKeys] => Array
(
[private_key] => /home/brendamc/public_html/keys//__account//private.pem
[public_key] => /home/brendamc/public_html/keys//__account//public.pem
)

[nonce:WPLEClient\LEConnector:private] => 0002jLBeAmzEF6rAFR5keMRrbeLuoUsql8Pykmp6OS2Pldc
[keyChange] => https://acme-staging-v02.api.letsencrypt.org/acme/key-change
[newAccount] => https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[newNonce] => https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[newOrder] => https://acme-staging-v02.api.letsencrypt.org/acme/new-order
[revokeCert] => https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
[accountURL] => https://acme-staging-v02.api.letsencrypt.org/acme/acct/41145468
[accountDeactivated] =>
[log:WPLEClient\LEConnector:private] => 2
)

[authorizationURL] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911878
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "AqCddpJLCbbU9zsBfYSP7Np-RG15UFPvu90VkV4VIkg" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911878/WMd4QA
[token] => zGJtxWhgj1lquDR8myJ04aGzj3bGWHIJIiNXtvPsiyE
[validated] => 2022-01-20T09:02:24Z
)

)

[log:WPLEClient\LEAuthorization:private] => 2
)

)


[20-01-2022 11:09:25] :
Array
(
[0] => WPLEClient\LEAuthorization Object
(
[connector:WPLEClient\LEAuthorization:private] => WPLEClient\LEConnector Object
(
[baseURL] => https://acme-staging-v02.api.letsencrypt.org
[accountKeys] => Array
(
[private_key] => /home/brendamc/public_html/keys//__account//private.pem
[public_key] => /home/brendamc/public_html/keys//__account//public.pem
)

[nonce:WPLEClient\LEConnector:private] => 0002jLBeAmzEF6rAFR5keMRrbeLuoUsql8Pykmp6OS2Pldc
[keyChange] => https://acme-staging-v02.api.letsencrypt.org/acme/key-change
[newAccount] => https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[newNonce] => https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[newOrder] => https://acme-staging-v02.api.letsencrypt.org/acme/new-order
[revokeCert] => https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
[accountURL] => https://acme-staging-v02.api.letsencrypt.org/acme/acct/41145468
[accountDeactivated] =>
[log:WPLEClient\LEConnector:private] => 2
)

[authorizationURL] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911868
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911868/x_NAtg
[token] => SX7Ur9LbblnS6ThFUm1w0xKOzrQb8yeYQ-PySMr5UCI
[validated] => 2022-01-20T09:02:23Z
)

)

[log:WPLEClient\LEAuthorization:private] => 2
)

[1] => WPLEClient\LEAuthorization Object
(
[connector:WPLEClient\LEAuthorization:private] => WPLEClient\LEConnector Object
(
[baseURL] => https://acme-staging-v02.api.letsencrypt.org
[accountKeys] => Array
(
[private_key] => /home/brendamc/public_html/keys//__account//private.pem
[public_key] => /home/brendamc/public_html/keys//__account//public.pem
)

[nonce:WPLEClient\LEConnector:private] => 0002jLBeAmzEF6rAFR5keMRrbeLuoUsql8Pykmp6OS2Pldc
[keyChange] => https://acme-staging-v02.api.letsencrypt.org/acme/key-change
[newAccount] => https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[newNonce] => https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[newOrder] => https://acme-staging-v02.api.letsencrypt.org/acme/new-order
[revokeCert] => https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
[accountURL] => https://acme-staging-v02.api.letsencrypt.org/acme/acct/41145468
[accountDeactivated] =>
[log:WPLEClient\LEConnector:private] => 2
)

[authorizationURL] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911878
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "AqCddpJLCbbU9zsBfYSP7Np-RG15UFPvu90VkV4VIkg" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911878/WMd4QA
[token] => zGJtxWhgj1lquDR8myJ04aGzj3bGWHIJIiNXtvPsiyE
[validated] => 2022-01-20T09:02:24Z
)

)

[log:WPLEClient\LEAuthorization:private] => 2
)

)


GET PENDING AUTHS: false
[20-01-2022 11:09:25] :
Array
(
[request] => POST https://acme-staging-v02.api.letsencrypt.org/acme/order/41145468/1582410378
[header] => HTTP/2 200
server: nginx
date: Thu, 20 Jan 2022 11:09:25 GMT
content-type: application/json
content-length: 491
cache-control: public, max-age=0, no-cache
link: ;rel="index"
replay-nonce: 0002Es2TCciV8psMcZnmlY2G_ALZqR_D35neR7WwNBYBTTc
x-frame-options: DENY
strict-transport-security: max-age=604800


[status] => 200
[body] => Array
(
[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[identifiers] => Array
(
[0] => Array
(
[type] => dns
[value] => *.brendamc.com
)

[1] => Array
(
[type] => dns
[value] => brendamc.com
)

)

[authorizations] => Array
(
[0] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911868
[1] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911878
)

[finalize] => https://acme-staging-v02.api.letsencrypt.org/acme/finalize/41145468/1582410378
)

)


[20-01-2022 11:09:25] :
Array
(
[request] => POST https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911868
[header] => HTTP/2 200
server: nginx
date: Thu, 20 Jan 2022 11:09:25 GMT
content-type: application/json
content-length: 641
boulder-requester: 41145468
cache-control: public, max-age=0, no-cache
link: ;rel="index"
replay-nonce: 0002q2ytz2Dzr0O9ZNfjxV4R_3hybtg_lms92Yo0q3OytJI
x-frame-options: DENY
strict-transport-security: max-age=604800


[status] => 200
[body] => Array
(
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911868/x_NAtg
[token] => SX7Ur9LbblnS6ThFUm1w0xKOzrQb8yeYQ-PySMr5UCI
[validated] => 2022-01-20T09:02:23Z
)

)

[wildcard] => 1
)

)


[20-01-2022 11:09:25] :
Array
(
[request] => POST https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911878
[header] => HTTP/2 200
server: nginx
date: Thu, 20 Jan 2022 11:09:25 GMT
content-type: application/json
content-length: 664
boulder-requester: 41145468
cache-control: public, max-age=0, no-cache
link: ;rel="index"
replay-nonce: 0002h7KVii1YDkVu7sXOcoJSKC-lrg8eq5iWCT51ARwkpzE
x-frame-options: DENY
strict-transport-security: max-age=604800


[status] => 200
[body] => Array
(
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "AqCddpJLCbbU9zsBfYSP7Np-RG15UFPvu90VkV4VIkg" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911878/WMd4QA
[token] => zGJtxWhgj1lquDR8myJ04aGzj3bGWHIJIiNXtvPsiyE
[validated] => 2022-01-20T09:02:24Z
)

)

)

)


[20-01-2022 11:09:25] :
Array
(
[0] => WPLEClient\LEAuthorization Object
(
[connector:WPLEClient\LEAuthorization:private] => WPLEClient\LEConnector Object
(
[baseURL] => https://acme-staging-v02.api.letsencrypt.org
[accountKeys] => Array
(
[private_key] => /home/brendamc/public_html/keys//__account//private.pem
[public_key] => /home/brendamc/public_html/keys//__account//public.pem
)

[nonce:WPLEClient\LEConnector:private] => 0002h7KVii1YDkVu7sXOcoJSKC-lrg8eq5iWCT51ARwkpzE
[keyChange] => https://acme-staging-v02.api.letsencrypt.org/acme/key-change
[newAccount] => https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[newNonce] => https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[newOrder] => https://acme-staging-v02.api.letsencrypt.org/acme/new-order
[revokeCert] => https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
[accountURL] => https://acme-staging-v02.api.letsencrypt.org/acme/acct/41145468
[accountDeactivated] =>
[log:WPLEClient\LEConnector:private] => 2
)

[authorizationURL] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911868
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911868/x_NAtg
[token] => SX7Ur9LbblnS6ThFUm1w0xKOzrQb8yeYQ-PySMr5UCI
[validated] => 2022-01-20T09:02:23Z
)

)

[log:WPLEClient\LEAuthorization:private] => 2
)

[1] => WPLEClient\LEAuthorization Object
(
[connector:WPLEClient\LEAuthorization:private] => WPLEClient\LEConnector Object
(
[baseURL] => https://acme-staging-v02.api.letsencrypt.org
[accountKeys] => Array
(
[private_key] => /home/brendamc/public_html/keys//__account//private.pem
[public_key] => /home/brendamc/public_html/keys//__account//public.pem
)

[nonce:WPLEClient\LEConnector:private] => 0002h7KVii1YDkVu7sXOcoJSKC-lrg8eq5iWCT51ARwkpzE
[keyChange] => https://acme-staging-v02.api.letsencrypt.org/acme/key-change
[newAccount] => https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[newNonce] => https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
[newOrder] => https://acme-staging-v02.api.letsencrypt.org/acme/new-order
[revokeCert] => https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
[accountURL] => https://acme-staging-v02.api.letsencrypt.org/acme/acct/41145468
[accountDeactivated] =>
[log:WPLEClient\LEConnector:private] => 2
)

[authorizationURL] => https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1477911878
[identifier] => Array
(
[type] => dns
[value] => brendamc.com
)

[status] => invalid
[expires] => 2022-01-27T09:02:21Z
[challenges] => Array
(
[0] => Array
(
[type] => dns-01
[status] => invalid
[error] => Array
(
[type] => urn:ietf:params:acme:error:unauthorized
[detail] => Incorrect TXT record "AqCddpJLCbbU9zsBfYSP7Np-RG15UFPvu90VkV4VIkg" (and 39 more) found at _acme-challenge.brendamc.com
[status] => 403
)

[url] => https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1477911878/WMd4QA
[token] => zGJtxWhgj1lquDR8myJ04aGzj3bGWHIJIiNXtvPsiyE
[validated] => 2022-01-20T09:02:24Z
)

)

[log:WPLEClient\LEAuthorization:private] => 2
)

)


THERE ARE SOME PENDING VERIFICATIONS. IF NEW DNS RECORDS WERE ADDED, PLEASE RUN THIS INSTALLATION AGAIN AFTER 5-10MINS

You have way too many _acme-challenge.brendamc.com TXT records in the DNS. It is important to clean them up after the domain validation has finished (successfully or in failure, doesn't matter).

2 Likes

We did clear all TXT records earlier and restarted the whole process, but it never succeeded. The order status always ended up being 'invalid'. After an invalid order status, can we make an ACME request to Let's Encrypt to re-validate the DNS records? As per the log shared above, re-attempts also failed with invalid status.

It isn't cleaned up. A query executed just now:

pi@raspberrypi:~ $ dig TXT _acme-challenge.brendamc.com @ns1.inmotionhosting.com.

; <<>> DiG 9.11.5-P4-5.1+deb10u6-Raspbian <<>> TXT _acme-challenge.brendamc.com @ns1.inmotionhosting.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15634
;; flags: qr aa rd; QUERY: 1, ANSWER: 42, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 57103ca5402b4260dc14983161e95d19a6073a437cd16ef2 (good)
;; QUESTION SECTION:
;_acme-challenge.brendamc.com.	IN	TXT

;; ANSWER SECTION:
_acme-challenge.brendamc.com. 60 IN	TXT	"CT2vHdbUHIiN6P1PvT8tuXFKL6wx4hdoTjQGtSLEyKQ"
_acme-challenge.brendamc.com. 60 IN	TXT	"Fzl72kRJ0H0OUtU5s9QlulIAe3ZGrVprUUjYNpOWTB8"
_acme-challenge.brendamc.com. 60 IN	TXT	"zEvJkFQ8V6LRuAOBo2SEDnK-6Mp9F9S-r5xpOxl9tPg"
_acme-challenge.brendamc.com. 60 IN	TXT	"atrwT3vFPzdGve6bHTiT5687wW6Wx6hav2I-n7YzvT0"
_acme-challenge.brendamc.com. 60 IN	TXT	"J1o0DhLYoL-i7QrHakDqc3dwuLWJHPLyiOboSOM1VIA"
_acme-challenge.brendamc.com. 60 IN	TXT	"dNZahq7NrLOYz71usKsHMKJqLKUXfBcO6NUAOPWg7to"
_acme-challenge.brendamc.com. 60 IN	TXT	"KCJtJFjUyBbefEGC09E25J6FriUdvsYFkwL4gwYD4HY"
_acme-challenge.brendamc.com. 60 IN	TXT	"Hqt76IKyW7HAWc-Kpwhe0S2yRPbeOXftTj9cQM-dyU4"
_acme-challenge.brendamc.com. 60 IN	TXT	"KN9l_Jo-Zz9VMqA0jdZBaIH31mDSINu9Ou-HVgQD9lE"
_acme-challenge.brendamc.com. 60 IN	TXT	"p85w4uJhKtYtPbWPZbg1jqg8o5ky1U07BolFmdeFtkY"
_acme-challenge.brendamc.com. 60 IN	TXT	"2i75bMylOm-P4Pp9UV_Dw8pylYQpZNjz13R0FkCbm0A"
_acme-challenge.brendamc.com. 60 IN	TXT	"FviLuHArcDdVH3UzCzgmu6LE4AnBEX-rWGIpSG6mlbk"
_acme-challenge.brendamc.com. 60 IN	TXT	"MlXRaZjeOKNVubxiktnDsq9mRUzQ3ITXBmFlgGN7qKQ"
_acme-challenge.brendamc.com. 60 IN	TXT	"FKo_beqJTRPUGxlZK1zpa3icRNHMeuREbMn0Zpnq29c"
_acme-challenge.brendamc.com. 60 IN	TXT	"BMTCnF-DNbDGhLKTDkd-iFdUl1oigWHp9JdjCQijSJA"
_acme-challenge.brendamc.com. 60 IN	TXT	"iPL30izCXqLF2ZwDE0sP8cQsNaWy8wBcjPKZgOVphDw"
_acme-challenge.brendamc.com. 60 IN	TXT	"pCgP35_0wDjMWLS0a8t7XW6aZ8axzK76vLAj5xBvVj4"
_acme-challenge.brendamc.com. 60 IN	TXT	"KPHX0uUKQdx9PFJtD7aVYTpiqg7e0mOeM0nBEHxrNlE"
_acme-challenge.brendamc.com. 60 IN	TXT	"ZwmBpjzqCPtSzHpWQ_R0Uttr5UDSQbXsYe_6EDuOnJA"
_acme-challenge.brendamc.com. 60 IN	TXT	"OOnESe3J-zfzL2SKlCVYMgGQx1TcIUI9JQMUBBVzWaY"
_acme-challenge.brendamc.com. 60 IN	TXT	"tnRBrxHdiTIFTNkLQvkzec6VsmVwrXBmcjE7OsmnVGo"
_acme-challenge.brendamc.com. 60 IN	TXT	"bTg2--NR1HlnuFNEtK2JEdWQvtsZ0-xZ1vJCvBRB0dM"
_acme-challenge.brendamc.com. 60 IN	TXT	"9jddYFiBfb75b8WugVpziAKcMTmUdq97jxfhpW13zfU"
_acme-challenge.brendamc.com. 60 IN	TXT	"dv-ee-OPDid2NJoUgHYoONqJ2XIbGT2mVoZHLPv8_UA"
_acme-challenge.brendamc.com. 60 IN	TXT	"Wfm0DoxL3-feBKXEq_Wzj08urI-Rw6ndMa-1KS3xDRM"
_acme-challenge.brendamc.com. 60 IN	TXT	"VI29gwy9irzsU3C2AEUaYxRZzDbJB2PxUJDrsug644Q"
_acme-challenge.brendamc.com. 60 IN	TXT	"AqCddpJLCbbU9zsBfYSP7Np-RG15UFPvu90VkV4VIkg"
_acme-challenge.brendamc.com. 60 IN	TXT	"uROTQX8Cqxycabee5WOHfMjtWs9ir1Rffl2hFmq_a3s"
_acme-challenge.brendamc.com. 60 IN	TXT	"h6OZjIyAIsPFMLYHtdurQmulflraFfEwLq6mY4mBawg"
_acme-challenge.brendamc.com. 60 IN	TXT	"kLh6p69Z_q23YqYv2tEVsIJdqBb6qxOcj44G8Mf5PIM"
_acme-challenge.brendamc.com. 60 IN	TXT	"Z-vCe4d8QH2mD9MepRDUZpsxQenlWed8XIcA39GTVvs"
_acme-challenge.brendamc.com. 60 IN	TXT	"LEu3yp_Bw5AWFj3ygkvy3T8bdvwHSzPOiZI4Dgy-fnY"
_acme-challenge.brendamc.com. 60 IN	TXT	"5KDrDSXDC8z8MjlEj00E70tnnrWHVq2j1HYTM93EphI"
_acme-challenge.brendamc.com. 60 IN	TXT	"XUstfU8QeFkA1lbwcPJbnfIGb8_I7q2BGbjoZ-lLdTA"
_acme-challenge.brendamc.com. 60 IN	TXT	""
_acme-challenge.brendamc.com. 60 IN	TXT	"479cWuvp_9YNp6awiczqvkkuZkkgVhAp9-COlTkn8BI"
_acme-challenge.brendamc.com. 60 IN	TXT	"C-99BgLads7OPL0oKTTuAhKzx-JxapSDSzf5IStM-n0"
_acme-challenge.brendamc.com. 60 IN	TXT	"oe5nbIkNYuvU1kAYko7iJytrltzM-kB0_PGrqPLwDnA"
_acme-challenge.brendamc.com. 60 IN	TXT	"jLE6CgjFskpC25VcVK9rTxkHPMgNNqJROqJbwpXSYWw"
_acme-challenge.brendamc.com. 60 IN	TXT	"WHdvR595fc7aYsgFnW5ZzFZpmk7E7IBmHYoETCY2GuI"
_acme-challenge.brendamc.com. 60 IN	TXT	"uY1pjhDiEHrzFFF3ZXBrFtRDDVzV__R_cDpJqNKnQYM"
_acme-challenge.brendamc.com. 60 IN	TXT	"9dtQsNyHFpYGNRbnq-AImfYHKSjEH3JW7g1ilGN3UzU"

;; AUTHORITY SECTION:
brendamc.com.		86400	IN	NS	ns1.inmotionhosting.com.
brendamc.com.		86400	IN	NS	ns2.inmotionhosting.com.

;; ADDITIONAL SECTION:
ns1.inmotionhosting.com. 14400	IN	A	74.124.210.242
ns2.inmotionhosting.com. 14400	IN	A	70.39.150.2

;; Query time: 165 msec
;; SERVER: 74.124.210.242#53(74.124.210.242)
;; WHEN: Thu Jan 20 14:01:15 CET 2022
;; MSG SIZE  rcvd: 2478

pi@raspberrypi:~ $ 

2 Likes

How much "earlier"?
How fast do that many records get created?

3 Likes

Thanks for all your responses. We cleared all TXT records this morning. Then we started creating new orders for the same domain and kept on adding DNS records, but none of the attempts succeeded.

We added the DNS record and tried validation immediately, after a few seconds (as the local DNS check validates correctly almost immediately after adding the TXT record); the order status changed from pending to invalid. Then we waited a few hours and tried DNS validation again, but the order remains invalid forever and does not refresh.

Are we doing anything wrong here?

1 Like

I believe that you are in the process of developing your ACME client. It is very important that the client automatically removes the challenge DNS record it created immediately after the domain validation process finishes (even if the validation process fails). Otherwise, the challenge DNS records pile up with each attempt, and that makes later domain authorization processes fail permanently. There is a limit on the number of challenge TXT DNS records the ACME server is ready to process.

2 Likes

Thanks for all your input. I'm here with the same issue on another website. Please check the custom ACME flow below:

Domain covered:
[\"rs-immobiliare.it\"]

[04-02-2022 10:53:22] :
No account found, attempting to create account.

[04-02-2022 10:53:25] :
LEClient finished constructing

[04-02-2022 10:53:25] :
No order found for \'rs-immobiliare.it\'. Creating new order.

[04-02-2022 10:53:26] :
Created order for \'rs-immobiliare.it\'.

Offering manual verification procedure. 


https://dns.google.com/resolve?name=_acme-challenge.rs-immobiliare.it&type=TXT should return dhRxAhQixUL1-wfQncm404Oj4kPwxYxR0t66Qw2Ak5k -> OK

Local check - All DNS challenges verified

[11-02-2022 14:08:55] :
LEClient finished constructing

[11-02-2022 14:08:55] :
Order data for \'rs-immobiliare.it\' invalid. Deleting order data and creating new order. Order exception is Invalid response: 404 (No order for ID 61143650940) and public key [PEM block omitted]

[11-02-2022 14:08:56] :
Created order for \'rs-immobiliare.it\'.

There are some pending verifications. If new DNS records were added, please run this installation again after 5-10mins
[{\"type\":\"dns-01\",\"identifier\":\"rs-immobiliare.it\",\"DNSDigest\":\"UTWSp_Yz2jyfeeaAfdXctd_IxLcClr8voCxozDUyQcs\"}]


https://dns.google.com/resolve?name=_acme-challenge.rs-immobiliare.it&type=TXT should return dhRxAhQixUL1-wfQncm404Oj4kPwxYxR0t66Qw2Ak5k -> OK

Local check - All DNS challenges verified

[11-02-2022 14:10:10] :
LEClient finished constructing

[11-02-2022 14:10:10] :
Order data for \'rs-immobiliare.it\' invalid. Deleting order data and creating new order. Order exception is Order status is invalid. and public key [PEM block omitted]

[11-02-2022 14:10:11] :
Created order for \'rs-immobiliare.it\'.

There are some pending verifications. If new DNS records were added, please run this installation again after 5-10mins
[{\"type\":\"dns-01\",\"identifier\":\"rs-immobiliare.it\",\"DNSDigest\":\"RZQFgLnXPS8LA5f6vqBc2CRyQGFaWRbSwXkJUp-Pleg\"}]


https://dns.google.com/resolve?name=_acme-challenge.rs-immobiliare.it&type=TXT should return dhRxAhQixUL1-wfQncm404Oj4kPwxYxR0t66Qw2Ak5k -> OK

Local check - All DNS challenges verified

[11-02-2022 14:29:08] :
LEClient finished constructing

[11-02-2022 14:29:08] :
Order data for \'rs-immobiliare.it\' invalid. Deleting order data and creating new order. Order exception is Order status is invalid. and public key [PEM block omitted]

[11-02-2022 14:29:08] :
Created order for \'rs-immobiliare.it\'.

There are some pending verifications. If new DNS records were added, please run this installation again after 5-10mins
[{\"type\":\"dns-01\",\"identifier\":\"rs-immobiliare.it\",\"DNSDigest\":\"FCPIjp-HJlCxcAf3c3k76TTg2zygIO60prHby0qGCOY\"}]


https://dns.google.com/resolve?name=_acme-challenge.rs-immobiliare.it&type=TXT should return dhRxAhQixUL1-wfQncm404Oj4kPwxYxR0t66Qw2Ak5k -> OK

Local check - All DNS challenges verified

[11-02-2022 15:00:50] :
LEClient finished constructing

[11-02-2022 15:00:51] :
Order data for \'rs-immobiliare.it\' invalid. Deleting order data and creating new order. Order exception is Order status is invalid. and public key [PEM block omitted]

[11-02-2022 15:00:51] :
Created order for \'rs-immobiliare.it\'.

There are some pending verifications. If new DNS records were added, please run this installation again after 5-10mins
[{\"type\":\"dns-01\",\"identifier\":\"rs-immobiliare.it\",\"DNSDigest\":\"O2zM9ppiSNdFOtM2_m1k9QNZ2pJTYp1mnKHuWeRfJjE\"}]

The local DNS check succeeded on the very first attempt, but the order data becomes invalid. Can someone please explain why the order data got an "invalid" response right after the first attempt to verify DNS?

Has the ACME client verified all the authoritative name servers of the domain rs-immobiliare.it for the expected challenge DNS record? If there is some replication delay from the master to the slave server, the ACME server may check the server that still does not have the record available.

4 Likes
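A pre-flight check along the lines discussed above, as an added example that is not part of the original thread or of the client being debugged: it derives the dns-01 TXT value for the current order (RFC 8555 section 8.4, with the RFC 7638 key thumbprint) and compares it with what each authoritative name server returns. The key, tokens and server names are constructed sample data, and treating any leftover record as a blocker is this example's own strict policy.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Unpadded base64url, as used throughout ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.4: TXT value = base64url(SHA-256(token "." thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def preflight(expected: set, answers_by_ns: dict) -> dict:
    """Compare what every authoritative server returns with the current order's values."""
    missing = {ns: sorted(expected - set(txts)) for ns, txts in answers_by_ns.items()}
    stale = {ns: sorted(set(txts) - expected) for ns, txts in answers_by_ns.items()}
    missing = {ns: v for ns, v in missing.items() if v}
    stale = {ns: v for ns, v in stale.items() if v}
    return {"ready": not missing and not stale, "missing": missing, "stale": stale}


# Constructed sample data: not a real key, token, or name server.
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus-for-illustration"}
EXPECTED = {dns01_txt_value("constructed-token-for-current-order", ACCOUNT_JWK)}
LEFTOVER = dns01_txt_value("constructed-token-from-earlier-order", ACCOUNT_JWK)
ANSWERS = {
    "ns1.example.net": sorted(EXPECTED) + [LEFTOVER],  # primary: new record plus a leftover
    "ns2.example.net": [LEFTOVER],                     # secondary: not replicated yet
}

if __name__ == "__main__":
    print(json.dumps(preflight(EXPECTED, ANSWERS), indent=2))
```

In practice the per-server answers come from querying each authoritative server directly, as the `dig TXT ... @ns1.inmotionhosting.com.` query earlier in the thread does, rather than from a public recursive resolver.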

@bruncsak If the DNS is not propagated and the ACME server returns an "invalid" response after a failed verification, can we request re-verification of the DNS challenge and change the order status? Or is creating a new order the only option once an order becomes invalid?

It is not possible to do anything with an order object in the invalid state (read the RFC). You have to create a new order.
You may want to log the output of all the REST API calls to the ACME server. One may contain a more detailed explanation of what went wrong with the challenge verification.

3 Likes

[type] => urn:ietf:params:acme:error:unauthorized
[detail] => No order for ID 61143650940
[status] => 404

As shown in the response log at the very top of this thread (for a different site), the API response for an invalid order returns the unauthorized error type, and that's exactly the same response for this site too. Does that help, or which API call response are we looking for?

When polling the authorization object status with a POST-as-GET request, one may see interesting details.
However, please be prepared that any API call may return an error. Do not forget to report those possible conditions.

2 Likes
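One way to surface the details a polled authorization carries, as an added example that is not part of the original thread or of the client being debugged: it extracts each failed challenge's error, recognises the "Incorrect TXT record ... (and N more)" message quoted in this thread, and maps the authorization status to the next step allowed by RFC 8555 section 7.1.6. The function name, the action labels and the result layout are this example's own.

```python
import re

# Server message format quoted in this thread:
#   Incorrect TXT record "<value>" (and 39 more) found at <name>
PILEUP = re.compile(r'Incorrect TXT record "[^"]*" \(and (\d+) more\) found at (\S+)')

# RFC 8555 section 7.1.6: only a pending authorization can still be acted on.
NEXT_ACTION = {"pending": "respond_to_challenge", "valid": "finalize_order"}


def diagnose(authz: dict) -> dict:
    """Summarise a polled authorization: what failed and what the client may do next."""
    failures = []
    for challenge in authz.get("challenges", []):
        error = challenge.get("error")
        if challenge.get("status") != "invalid" or not error:
            continue
        detail = error.get("detail", "")
        failure = {"challenge": challenge.get("type"), "error_type": error.get("type"),
                   "http_status": error.get("status"), "detail": detail}
        match = PILEUP.search(detail)
        if match:  # the server saw several TXT values and none matched
            failure["txt_records_seen"] = int(match.group(1)) + 1
            failure["record_name"] = match.group(2)
        failures.append(failure)
    # invalid, expired, deactivated and revoked are all terminal: start a new order
    action = NEXT_ACTION.get(authz.get("status"), "new_order")
    return {"identifier": authz.get("identifier", {}).get("value"),
            "next_action": action, "failures": failures}


# Sample input: the authorization dumped in this thread, re-typed as the JSON
# the server would return (url, token and timestamps left out).
AUTHZ = {
    "identifier": {"type": "dns", "value": "brendamc.com"},
    "status": "invalid",
    "challenges": [{
        "type": "dns-01",
        "status": "invalid",
        "error": {
            "type": "urn:ietf:params:acme:error:unauthorized",
            "detail": 'Incorrect TXT record "AqCddpJLCbbU9zsBfYSP7Np-RG15UFPvu90VkV4VIkg" '
                      '(and 39 more) found at _acme-challenge.brendamc.com',
            "status": 403,
        },
    }],
}
```

Logging the `failures` list for every polled authorization records the server's own explanation next to the client's local check result, so a mismatch between the two is visible in one place.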
