Some challenges have failed

My domain is:

I ran this command:
python script:
certbot_cmd = “/usr/bin/certbot certonly --renew-by-default -d {} --manual --preferred-challenges dns”.format(domain)
f = open(‘spawn.log’,‘wb’)
child = pexpect.spawn(’/bin/bash’, [’-c’,certbot_cmd],logfile=f,timeout=300)
i = child.expect(’(Y)es/(N)o:’)

    if i == 0:
        i = child.expect("Press Enter to Continue",timeout=30)

It produced this output:

Waiting for verification…
Challenge failed for domain
dns-01 challenge for
Cleaning up challenges
Some challenges have failed.


  • The following errors were reported by the server:

    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for - check that a DNS record exists
    for this domain

note: i already txt dns TXT record ,and gig ok with

My web server is (include version):
nginx 1.5

The operating system my web server runs on is (include version):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.5.0


Hi @shangz

there - - is no TXT entry visible.

But see the name server part of your check: Some of your name servers have timeouts.

And critical:

X Nameserver Timeout checking Echo Capitalization: /
X Nameserver Timeout checking Echo Capitalization: /
X Nameserver Timeout checking Echo Capitalization: /
X Nameserver Timeout checking Echo Capitalization: /
X Nameserver Timeout checking Echo Capitalization: /

Echo capitalization support is checked via Letsencrypt. If that doesn’t work, that may produce a Servfail.

1 Like

i challenges from linux terminal,i can challenge success with dns txt record
/usr/bin/certbot certonly --renew-by-default -d --manual --preferred-challenges dns
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Starting new HTTPS connection (1):
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for

NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: y

Please deploy a DNS TXT record under the name with the following value:


Before continuing, verify the record is deployed.

Press Enter to Continue
Waiting for verification…
Resetting dropped connection:
Cleaning up challenges


  • Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:
    Your cert will expire on 2020-10-21. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt:
    Donating to EFF:

how can i challenge with python pexpect???

You have created a valid certificate. So the problem is solved.

I don’t understand your question.

PS: The screen of that edit form is a little bit buggy - so two parts. Scrolling isn’t possible.

PPS: If someone has the same problem: Edit form - fullscreen, not possible to reduce the height. Solution: Hide preview, then it’s possible to create a smaller window.

1 Like

I don’t know how to integrate the following with your Python script, but certbot uses the options --manual-auth-hook and --manual-cleanup-hook to point to a script which would put the TXT record into the zonefile (auth hook) and a script which would cleanup the TXT records after the challenge has been performed. See the certbot documentation about hooks for more info.

Also I’d like to add that using renew-by-default is NOT recommended for production use. I would also like to remind you to the staging environment, where testing like this should be done!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.