- I am using a manual_auth_hook that directly pushes dns challenges onto my own dns server.
- The first challenge is always successful. If a second challenge is issued, it fails, claiming that a wrong dns entry was found
- in the log below
  - my manual_auth_hook script logs the requested challenges
  - the ‘wrong’ challenge logged by certbot in the very end is exactly the same as the one requested to my script
- my TXT entries have TTL 1
- in this attempt, my script already had a wait of 5 secs after updating the DNS record
My domain is: *.haug.in
I ran this command: certbot renew
It produced this output:
Processing /etc/letsencrypt/renewal/haug.in.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for haug.in
dns-01 challenge for haug.in
Running manual-auth-hook command: /etc/letsencrypt/dns-updater.sh
Output from manual-auth-hook command dns-updater.sh:
Domain
haug.in
ssh -p6554 dns@vs2.ing-haug.de ./updateacme haug.in KXlgbS-krNBvcIoFMBjgT6A5AHPR8-IwwMVwF46-6do
validation
KXlgbS-krNBvcIoFMBjgT6A5AHPR8-IwwMVwF46-6do
Running manual-auth-hook command: /etc/letsencrypt/dns-updater.sh
Output from manual-auth-hook command dns-updater.sh:
Domain
haug.in
ssh -p6554 dns@vs2.ing-haug.de ./updateacme haug.in M_Buq1fuEZVdVe9JMn3ukU6OS0kF8oybyE5QKWmzkHI
validation
M_Buq1fuEZVdVe9JMn3ukU6OS0kF8oybyE5QKWmzkHI
Waiting for verification…
Challenge failed for domain haug.in
dns-01 challenge for haug.in
Cleaning up challenges
Attempting to renew cert (haug.in) from /etc/letsencrypt/renewal/haug.in.conf produced an unexpected error: Some challenges have failed… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/haug.in/fullchain.pem (failure)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/haug.in/fullchain.pem (failure)
Running post-hook command: /etc/letsencrypt/renewal-hooks/post/restart-dovecot
Running post-hook command: /etc/letsencrypt/renewal-hooks/post/restart-nginx
Running post-hook command: /etc/letsencrypt/renewal-hooks/post/restart-postfix
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: haug.in
Type: unauthorized
Detail: Incorrect TXT record
“M_Buq1fuEZVdVe9JMn3ukU6OS0kF8oybyE5QKWmzkHI” found at
_acme-challenge.haug.in
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): unused
The operating system my web server runs on is (include version):
Linux fsoc.haug.in 5.2.17-200.fc30.x86_64 #1 SMP Mon Sep 23 13:42:32 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
My hosting provider, if applicable, is: own web server, own DNS servers
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.38.0
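
An added example, not part of the original post: the log shows the hook being called twice for haug.in with two different validation values, and both dns-01 challenges are looked up at the one name _acme-challenge.haug.in. Assuming the `updateacme` helper (not shown in the post) replaces the TXT record on each call, these shell functions keep every pending value and render the full set of TXT records to publish together; `STATE_DIR` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; not the poster's dns-updater.sh. certbot exports
# CERTBOT_DOMAIN and CERTBOT_VALIDATION to each manual-auth-hook call.
# STATE_DIR and the function names below are hypothetical.
STATE_DIR="${STATE_DIR:-/tmp/acme-pending}"

# Remember one validation value for a domain; repeats are ignored.
record_challenge() {
    domain=$1
    value=$2
    mkdir -p "$STATE_DIR"
    touch "$STATE_DIR/$domain"
    grep -qxF -- "$value" "$STATE_DIR/$domain" ||
        printf '%s\n' "$value" >> "$STATE_DIR/$domain"
}

# Print every TXT record that must be live at the same time (TTL 1 as in the post).
render_rrset() {
    domain=$1
    while IFS= read -r value; do
        printf '_acme-challenge.%s. 1 IN TXT "%s"\n' "$domain" "$value"
    done < "$STATE_DIR/$domain"
}

# Read TXT answers on stdin (for example the output of a DNS lookup against
# the authoritative server); succeed only if no pending value is missing.
all_published() {
    domain=$1
    answers=$(cat)
    while IFS= read -r value; do
        printf '%s\n' "$answers" | grep -qF -- "\"$value\"" || return 1
    done < "$STATE_DIR/$domain"
}

# Hook body would be:
#   record_challenge "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION"
#   render_rrset "$CERTBOT_DOMAIN"    # push all of these lines, not just the newest
```

The state file has to be emptied once the run is over, for instance from a `--manual-cleanup-hook` script, so stale values are not published on the next renewal.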