Problem with a DNS query during identifier validation

My domain is: jabber.weishaupt.be
I ran this command: Sign CSR with ACME provider
It produced this output: Sign Alarm. There was a problem with a DNS query during identifier validation
Product: Cisco Expressway-E
The operating system my web server runs on is (include version): CentOS
I can login to a root shell on my machine (yes or no, or I don't know): yes

When I add the CN: srvexpwe01.jabber.weishaupt.be in the SAN, the ACME signing works.
But for MRA to work on Expressway-E, I also need to add jabber.weishaupt.be or collab-edge.jabber.weishaupt.be in the SAN. When I do this, the signing fails with error: Sign Alarm. There was a problem with a DNS query during identifier validation.
Hope someone could shed some light on this.

Welcome to the community @cafo

I am not familiar with your ACME client but I can make a good guess about what is happening.

The error saying "DNS query during identifier validation" is probably due to you missing an A record (or AAAA record if using IPv6) in the DNS for those two domain names. You have an A record for the srvexpwe01 domain but not the two others.

That error looks like it might come from your ACME client and not the Let's Encrypt server. So you could check with your vendor support. But, if that is doing an HTTP challenge to get a cert then Let's Encrypt will need an A (and/or AAAA) record too.

The Let's Debug test site is often helpful in these cases.

5 Likes
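
The check suggested in the answer above, written as an added example (not part of either post, and not Cisco or Let's Encrypt code): a pre-flight script that looks up A/AAAA records for every name that will go into the SAN before the CSR is submitted. The function names, the `--sample` switch and the constructed sample zone are assumptions made for illustration; the three host names are the ones from the question.

```python
import socket
import sys

# SAN names taken from the question above.
SAN_NAMES = [
    "srvexpwe01.jabber.weishaupt.be",
    "jabber.weishaupt.be",
    "collab-edge.jabber.weishaupt.be",
]


def system_resolver(name):
    """Return the set of A/AAAA addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()  # NXDOMAIN or no address records
    return {info[4][0] for info in infos}


def preflight(names, resolve=system_resolver):
    """Map each SAN name to its sorted addresses. An empty list means an
    HTTP challenge would have no address to connect to for that name."""
    return {name: sorted(resolve(name)) for name in names}


def missing(report):
    """Names in the report that have no A or AAAA record."""
    return [name for name, addrs in report.items() if not addrs]


# Constructed sample data (not real DNS answers): only the host name has a
# record, which is the situation the answer above suspects.
SAMPLE_ZONE = {"srvexpwe01.jabber.weishaupt.be": {"192.0.2.10"}}


def sample_resolver(name):
    return SAMPLE_ZONE.get(name, set())


if __name__ == "__main__":
    # --sample (hypothetical switch) uses the constructed zone, not live DNS.
    resolver = sample_resolver if "--sample" in sys.argv else system_resolver
    report = preflight(SAN_NAMES, resolver)
    for name, addrs in report.items():
        print(f"{name}: {', '.join(addrs) if addrs else 'NO A/AAAA RECORD'}")
    sys.exit(1 if missing(report) else 0)
```

Run it from a machine that uses public DNS: `getaddrinfo` honours `/etc/hosts` and any internal split-horizon zone, so a name that resolves only inside the network can pass here and still fail validation from the internet.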
