SWAG - No answer from DNS in TXT (duckdns)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: servraid.duckdns.org

I ran this command: (swag in unraid)

It produced this output:
Requesting a certificate for servraid.duckdns.org
Unsafe permissions on credentials configuration file: /config/dns-conf/duckdns.ini
Unsafe permissions on credentials configuration file: /config/dns-conf/duckdns.ini
The DNS response does not contain an answer to the question: servraid.duckdns.org. IN TXT
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: Cert does not exist! Please see the validation error above. Make sure you entered correct credentials into the /config/dns-conf/duckdns.ini file.

My web server is (include version):
nginx

The operating system my web server runs on is (include version):
Unraid 6.9.2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
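
The "Unsafe permissions on credentials configuration file" lines in the output above are certbot's warning that the DuckDNS token file is readable by more than its owner. The following is an added example (not code from the thread, from SWAG, or from certbot) that reproduces that check and the usual fix: it builds a constructed duckdns.ini in a temporary directory, gives it the world-readable mode that triggers the warning, then restricts it to owner read/write (the equivalent of chmod 600). The key name `dns_duckdns_token` and the token value are placeholders assumed for the example.

```python
import os
import stat
import tempfile

# Certbot warns when group or "other" hold any permission bit on the
# credentials file, so these are the bits that must be clear.
UNSAFE_BITS = stat.S_IRWXG | stat.S_IRWXO


def credentials_file_is_safe(path: str) -> bool:
    """True when only the owner can read or write the file (0600 or stricter)."""
    mode = os.stat(path).st_mode
    return (mode & UNSAFE_BITS) == 0


def harden_credentials_file(path: str) -> int:
    """Restrict the file to owner read/write (chmod 600) and return the new mode."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> tuple:
    """Create a constructed duckdns.ini with the mode that triggers the warning,
    harden it, and return (safe_before, safe_after, final_mode)."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "duckdns.ini")
    with open(path, "w") as fh:
        # Constructed placeholder content; the key name is assumed for this example.
        fh.write("dns_duckdns_token = PLACEHOLDER-TOKEN\n")
    os.chmod(path, 0o644)  # world-readable: what certbot complains about
    before = credentials_file_is_safe(path)
    final_mode = harden_credentials_file(path)
    after = credentials_file_is_safe(path)
    return before, after, final_mode


if __name__ == "__main__":
    print(demo())  # (False, True, 384); 384 is 0o600
```

The warning is not the cause of the failed challenge, but a token that can be read by every process in the container is worth fixing on its own, and on SWAG the file lives under /config, so the mode set on the host side is what certbot sees.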

Welcome @nodiaque

I see a TXT record right now but it has no value. Did you create that? Normally the DNS plug-in creates a TXT record with the value required for the DNS Challenge. It is odd to see a TXT record with no value.

Can you show the certbot command you used? Please redact any duckdns-token.

dig TXT _acme-challenge.servraid.duckdns.org @ns1.duckdns.org +short
""
3 Likes

Hello,

No, I don't think I created anything. I'm using a docker template for unraid, I don't know what command it uses to run. But it's been working for the past 2 years so I don't get what's going on. I have another instance of the same docker that works no problem with my other domain using the same token :frowning:

1 Like

Sorry, if you can't run the certbot command I don't know how to debug further with your config. Perhaps another volunteer will know something.

All I can suggest is to delete that TXT record and try again. Perhaps it is causing a conflict with the duckdns plug-in.

3 Likes

OK, how can I do that (delete the TXT record)?

Actually, you might not be able to. I see empty TXT records for other duckdns domains so maybe that's a quirk of duckdns. Might not be related to your problem. Sorry.

3 Likes

I think I managed to decrypt the command from the script:

certbot certonly --non-interactive --renew-by-default --server https://acme-v02.api.letsencrypt.org/directory -a dns-duckdns --dns-duckdns-credentials /config/dns-config/duckdns.ini --dns-duckdns-propagation-seconds --rsa-key-size 4096 -m email@email.com --no-eff-email --agree-tos -d servraid.duckdns.org

I'm soon signing off for the night, but usually the propagation-seconds has a value. At least try adding one. The default is:

 --dns-duckdns-propagation-seconds 60
3 Likes

It's probably 60 that goes there too; I didn't find the reference, but I saw it was loading other files for the default config.

certbot certonly --non-interactive --renew-by-default --server https://acme-v02.api.letsencrypt.org/directory -a dns-duckdns --dns-duckdns-credentials /config/dns-conf/duckdns.ini --dns-duckdns-propagation-seconds 60 --rsa-key-size 4096 -m #### --no-eff-email --agree-tos -d servraid.duckdns.org

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for servraid.duckdns.org
Unsafe permissions on credentials configuration file: /config/dns-conf/duckdns.ini
Unsafe permissions on credentials configuration file: /config/dns-conf/duckdns.ini
The DNS response does not contain an answer to the question: servraid.duckdns.org. IN TXT
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Here's the log file

This is the output with -v

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-duckdns, Installer None
Requesting a certificate for servraid.duckdns.org
Performing the following challenges:
dns-01 challenge for servraid.duckdns.org
Unsafe permissions on credentials configuration file: /config/dns-conf/duckdns.ini
Unsafe permissions on credentials configuration file: /config/dns-conf/duckdns.ini
Cleaning up challenges
The DNS response does not contain an answer to the question: servraid.duckdns.org. IN TXT
1 Like

Start to finish, the entire logfile spanned less than two seconds:

2022-10-11 23:26:07,746:DEBUG:certbot._internal.main:certbot version: 1.31.0
2022-10-11 23:26:09,250:ERROR:certbot._internal.log:The DNS response does not contain an answer to the question: servraid.duckdns.org. IN TXT

I think the empty propagation time might have something to do with this problem.

3 Likes
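
The observation above rests on reading timestamps out of /var/log/letsencrypt/letsencrypt.log. As an added example (not from the thread, certbot, or the plug-in), here is a small parser for certbot's `timestamp:LEVEL:logger:message` lines that computes how long the run took before the first ERROR and flags it when that is shorter than the configured `--dns-duckdns-propagation-seconds`. The sample log is constructed from the lines quoted in this thread; the 60-second default is taken from the earlier reply.

```python
import re
from datetime import datetime

# Certbot log format: "<YYYY-MM-DD HH:MM:SS,mmm>:<LEVEL>:<logger>:<message>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}):(\w+):([\w.]+):(.*)$"
)
TS_FMT = "%Y-%m-%d %H:%M:%S,%f"  # %f accepts the 3-digit millisecond field

# Constructed sample built from the lines quoted in the thread.
SAMPLE_LOG = """\
2022-10-11 23:26:07,746:DEBUG:certbot._internal.main:certbot version: 1.31.0
2022-10-11 23:26:08,877:DEBUG:certbot._internal.error_handler:Encountered exception:
2022-10-11 23:26:09,250:ERROR:certbot._internal.log:The DNS response does not contain an answer to the question: servraid.duckdns.org. IN TXT
"""


def parse_log(text):
    """Yield (timestamp, level, logger, message) for each parseable line;
    traceback continuation lines do not match and are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, level, logger, msg = m.groups()
            yield datetime.strptime(ts, TS_FMT), level, logger, msg


def elapsed_seconds(text):
    """Seconds from the first log line to the first ERROR line, or None."""
    entries = list(parse_log(text))
    if not entries:
        return None
    start = entries[0][0]
    for ts, level, _, _ in entries:
        if level == "ERROR":
            return (ts - start).total_seconds()
    return None


def propagation_wait_was_skipped(text, propagation_seconds=60):
    """True when the error was logged before the propagation wait could have run."""
    elapsed = elapsed_seconds(text)
    return elapsed is not None and elapsed < propagation_seconds


if __name__ == "__main__":
    print(elapsed_seconds(SAMPLE_LOG))              # 1.504
    print(propagation_wait_was_skipped(SAMPLE_LOG))  # True
```

A run that honoured a 60-second wait cannot fail in 1.5 seconds, which is why the short gap points at the plug-in's pre-challenge DNS lookup rather than at the CA.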

You can see on my log file from pastebin that the propagation is 60. I also posted just before it the result of running the command by hand with the 60, which yielded the same result. After that, I ran it again with -v and put the output after the pastebin link.

The value wasn't blank, I just didn't know the value until I found it in that log file; the command line was written there, and it's 60.

Thank you

1 Like

I'm getting the same error

1 Like

The command line does show '60', but the timestamps disagree with that required wait time.
It fails within two seconds.

2 Likes

Can either of you (@nodiaque & @boxerboyhomer) try an alternate FREE CA?
[so that we can see if it is cPanel or LE]

AND/OR
Try the command manually to see if it really does wait 60 seconds.

AND/OR
Add --debug-challenges so that certbot pauses and we can check DNS for the TXT records at that point in the process.

4 Likes

The key lines for this error in the log are:

2022-10-11 23:26:08,877:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot_dns_duckdns/cert/client.py", line 82, in _perform
    txt_values = custom_resolver.resolve(duckdns_domain, "TXT")
  File "/usr/lib/python3.9/site-packages/dns/resolver.py", line 1090, in resolve
    (answer, done) = resolution.query_result(response, None)
  File "/usr/lib/python3.9/site-packages/dns/resolver.py", line 696, in query_result
    raise NoAnswer(response=answer.response)
dns.resolver.NoAnswer: The DNS response does not contain an answer to the question: servraid.duckdns.org. IN TXT

It says the error was from line 82 in the duckdns plug-in. You should probably post this problem to the github for this plug-in (HERE). They will have more experience on their code. You can see the failing code HERE (just scroll down to line 82)

I don't have any good guesses as to why that DNS function is failing.

It looks like a failure setting up the TXT info before the challenge. The challenge has not started so the problem is not in the Let's Encrypt servers.

3 Likes
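
The traceback shows the plug-in raising `dns.resolver.NoAnswer` from a single lookup at line 82, before any challenge was started. As an added example (not the plug-in's code, and not code from anyone in this thread), the following shows the pattern a propagation wait is meant to implement: poll for the TXT value, treat a "no answer" result as "not yet" rather than as a hard failure, and only give up after the configured budget. The resolver is injected so the example runs offline; `make_fake_resolver` and the challenge value are constructed stand-ins, and `NoAnswer` here is a local class standing in for the dnspython exception of the same name.

```python
import itertools
import time


class NoAnswer(Exception):
    """Local stand-in for dns.resolver.NoAnswer: name exists but has no TXT data."""


def wait_for_txt(resolve, name, expected, propagation_seconds=60,
                 interval=5, sleep=time.sleep):
    """Poll resolve(name) until a TXT value equals `expected` or the budget is spent.

    `resolve` returns a list of TXT strings or raises NoAnswer.
    Returns (found, attempts, seconds_waited)."""
    waited = 0
    attempts = 0
    while True:
        attempts += 1
        try:
            values = resolve(name)
        except NoAnswer:
            values = []  # not an error yet: the record may simply not have propagated
        if expected in values:
            return True, attempts, waited
        if waited >= propagation_seconds:
            return False, attempts, waited
        step = min(interval, propagation_seconds - waited)
        sleep(step)
        waited += step


def make_fake_resolver(outcomes):
    """Constructed resolver: each call returns the next scripted outcome.
    An outcome of NoAnswer (the class) raises it; anything else is returned."""
    calls = iter(outcomes)

    def resolve(name):
        outcome = next(calls)
        if outcome is NoAnswer:
            raise NoAnswer(name)
        return outcome

    return resolve


def demo_propagates():
    """Two empty lookups, then the value appears: found on the third attempt."""
    resolve = make_fake_resolver([NoAnswer, NoAnswer, ["constructed-challenge-value"]])
    return wait_for_txt(resolve, "_acme-challenge.example.duckdns.org",
                        "constructed-challenge-value", sleep=lambda s: None)


def demo_never_propagates():
    """The record never shows up: give up only after the full 60-second budget."""
    resolve = make_fake_resolver(itertools.repeat(NoAnswer))
    return wait_for_txt(resolve, "_acme-challenge.example.duckdns.org",
                        "constructed-challenge-value", sleep=lambda s: None)


if __name__ == "__main__":
    print(demo_propagates())        # (True, 3, 10)
    print(demo_never_propagates())  # (False, 13, 60)
```

Compared with the single lookup in the traceback, the polling form makes the failure in this thread distinguishable: a record that appears late produces a success after a few attempts, while a record that is never published fails only after the budget, which is also what the log timestamps would then show.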

But everything is working fine on my other container, same version, just with a different host (but same token).

I did run the command manually, that's what I posted last time.

Here is the log with --debug-challenges

Just tried with ZeroSSL; same error.

Edit: so I downgraded my SWAG version to one that is 20 days older, and it worked. So there's something with the latest version of the container, it seems.

1 Like

Is your working system also on Python 3.9?

3 Likes

I'm trying to check, but running python yields an error saying it doesn't exist... I'm pretty sure it's there; I just need to find where the package is installed.

Edit: yes, it's Python 3.9.

1 Like