Some domains failing to verify DNS TXT record _ame_challenge (powerDNS)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vp2.stg.localnet.io

I ran this command:
certbot certonly -n --authenticator certbot-dns-powerdns:dns-powerdns -d vp2.stg.localnet.io --agree-tos --email "devops@voyant.com" --expand --debug-challenge --certbot-dns-powerdns:dns-powerdns-credentials /etc/letsencrypt/pdns-credentials.ini --certbot-dns-powerdns:dns-powerdns-propagation-seconds 240

It produced this output:

Plugin legacy name certbot-dns-powerdns:dns-powerdns may be removed in a future version. Please use dns-powerdns instead.
Requesting a certificate for vp2.stg.localnet.io
Unsafe permissions on credentials configuration file: /etc/letsencrypt/pdns-credentials.ini
Unsafe permissions on credentials configuration file: /etc/letsencrypt/pdns-credentials.ini
Waiting 240 seconds for DNS changes to propagate

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Certbot failed to authenticate some domains (authenticator: certbot-dns-powerdns:dns-powerdns). The Certificate Authority reported these problems:
  Domain: vp2.stg.localnet.io
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.vp2.stg.localnet.io - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the DNS TXT records created by --certbot-dns-powerdns:dns-powerdns. Ensure the above domains are hosted by this DNS provider, or try increasing --certbot-dns-powerdns:dns-powerdns-propagation-seconds (currently 240 seconds).

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): cetbot run on an Ubuntu 20.04 VM (no web server)

The operating system my web server runs on is (include version): cetbot run on an Ubuntu 20.04 VM (no web server)

My hosting provider, if applicable, is: DNS registrar is PowerDNS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

certbot 1.20.0

I have been using this command (above) with that dns plugin. Some domains work, and others fail with failing to verify DNS TXT record. I have increased timeout several times. I have checked the zone in DNS to make sure there are no malformed records, and not a bunch of TXT records that can be removed. All records look good, and only 2 TXT records. I can see the TXT record get injected and removed... ex.

MacBook-Pro.local ~
╰─➤  while true; do dig @137.192.240.3 _acme-challenge.vp2.stg.localnet.io TXT +short; sleep 3; done                      130 ↵
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"
"KjP0WdnpcmDOrqKokHHUhChT8saDkG9p6n3qjhGtF5U"


1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.