Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
certbot certonly -n --authenticator certbot-dns-powerdns:dns-powerdns -d vp2.stg.localnet.io --agree-tos --email "devops@voyant.com" --expand --debug-challenge --certbot-dns-powerdns:dns-powerdns-credentials /etc/letsencrypt/pdns-credentials.ini --certbot-dns-powerdns:dns-powerdns-propagation-seconds 240
It produced this output:
Plugin legacy name certbot-dns-powerdns:dns-powerdns may be removed in a future version. Please use dns-powerdns instead.
Requesting a certificate for vp2.stg.localnet.io
Unsafe permissions on credentials configuration file: /etc/letsencrypt/pdns-credentials.ini
Unsafe permissions on credentials configuration file: /etc/letsencrypt/pdns-credentials.ini
Waiting 240 seconds for DNS changes to propagate
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certbot failed to authenticate some domains (authenticator: certbot-dns-powerdns:dns-powerdns). The Certificate Authority reported these problems:
Domain: vp2.stg.localnet.io
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.vp2.stg.localnet.io - check that a DNS record exists for this domain
Hint: The Certificate Authority failed to verify the DNS TXT records created by --certbot-dns-powerdns:dns-powerdns. Ensure the above domains are hosted by this DNS provider, or try increasing --certbot-dns-powerdns:dns-powerdns-propagation-seconds (currently 240 seconds).
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): cetbot run on an Ubuntu 20.04 VM (no web server)
The operating system my web server runs on is (include version): cetbot run on an Ubuntu 20.04 VM (no web server)
My hosting provider, if applicable, is: DNS registrar is PowerDNS
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I have been using this command (above) with that dns plugin. Some domains work, and others fail with failing to verify DNS TXT record. I have increased timeout several times. I have checked the zone in DNS to make sure there are no malformed records, and not a bunch of TXT records that can be removed. All records look good, and only 2 TXT records. I can see the TXT record get injected and removed... ex.