Hi,
I used this letsencrypt client: https://github.com/komuW/sewer
and cloudflare is my dns provider.
When using the CLI of that letsencrypt client on the letsencrypt staging endpoint, everything works. However, when I switch to the production/live letsencrypt endpoints, things do not work; I get the error: No TXT records found for DNS challenge
Here are the logs while using letsencrypt staging endpoint:
CLOUDFLARE_EMAIL=example CLOUDFLARE_API_KEY=example CLOUDFLARE_DNS_ZONE_ID=example sewer --dns cloudflare --action run --email test@gmail.com --domains staging.amqphosting.com --endpoint staging
2017-07-16 16:48.04 chosen_dns_provider message=Using cloudflare as dns provider.
2017-07-16 16:48.04 create_certificate_key client_name=ACMEclient
2017-07-16 16:48.04 create_csr client_name=ACMEclient
2017-07-16 16:48.04 get_certificate_chain client_name=ACMEclient
2017-07-16 16:48.06 get_certificate_chain_response client_name=ACMEclient status_code=200
2017-07-16 16:48.06 create_account_key client_name=ACMEclient
2017-07-16 16:48.07 write_account_key message=account key succesfully written to current directory.
2017-07-16 16:48.27 create_cloudflare_dns_record_response dns_provider_name=cloudflare response={u’errors’: [], u’messages’: [], u’result’: {u’proxiable’: False, u’locked’: False, u’name’: u’_acme-challenge.staging.amqphosting.com’, u’proxied’: False, u’content’: u’QsORyCVovq41vGUhS78KNHAtEPGNhXwMzvdlNz___ok’, u’created_on’: u’2017-07-16T13:48:27.220355Z’, u’meta’: {u’auto_added’: False}, u’ttl’: 1, u’modified_on’: u’2017-07-16T13:48:27.220355Z’, u’zone_name’: u’amqphosting.com’, u’type’: u’TXT’, u’id’: u’6ac2196cb6d2400dcf6ad3eb455d4e5d’, u’zone_id’: u’812286a52c9bc8ae5f210b77d1384a41’}, u’success’: True} status_code=200
2017-07-16 16:48.27 notify_acme_challenge_set ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=staging.amqphosting.com
2017-07-16 16:48.27 make_signed_acme_request ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=staging.amqphosting.com
2017-07-16 16:48.27 get_acme_header ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=staging.amqphosting.com
2017-07-16 16:48.32 sign_message ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=staging.amqphosting.com
2017-07-16 16:48.34 notify_acme_challenge_set_response ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=staging.amqphosting.com response={u’status’: u’pending’, u’keyAuthorization’: u’EvWapKhciXEEmr1i-DMavkMwkv5AstHt2U9wkYnuW6U.bvc7NiMDNxj87N1kMD7ZjHZ22_J1K-Gu1tXDdW7IVCg’, u’token’: u’EvWapKhciXEEmr1i-DMavkMwkv5AstHt2U9wkYnuW6U’, u’type’: u’dns-01’, u’uri’: u’https://acme-staging.api.letsencrypt.org/acme/challenge/wYej7IOXOg5Aqi04pLzt2sgOtatBqZcTLe95WLlp8K0/48404274’} status_code=202
2017-07-16 16:48.34 check_challenge ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=staging.amqphosting.com
2017-07-16 16:48.41 check_challenge_status_response ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=staging.amqphosting.com number_of_checks=1 response={u’status’: u’valid’, u’validationRecord’: [{u’addressesTried’: [], u’hostname’: u’staging.amqphosting.com’, u’addressUsed’: u’’, u’port’: u’’, u’addressesResolved’: []}], u’keyAuthorization’: u’EvWapKhciXEEmr1i-DMavkMwkv5AstHt2U9wkYnuW6U.bvc7NiMDNxj87N1kMD7ZjHZ22_J1K-Gu1tXDdW7IVCg’, u’uri’: u’https://acme-staging.api.letsencrypt.org/acme/challenge/wYej7IOXOg5Aqi04pLzt2sgOtatBqZcTLe95WLlp8K0/48404274’, u’token’: u’EvWapKhciXEEmr1i-DMavkMwkv5AstHt2U9wkYnuW6U’, u’type’: u’dns-01’} status_code=202
2017-07-16 16:48.41 delete_dns_record dns_provider_name=cloudflare
2017-07-16 16:48.49 delete_dns_record_response dns_provider_name=cloudflare response={u’errors’: [], u’messages’: [], u’result’: {u’id’: u’6ac2196cb6d2400dcf6ad3eb455d4e5d’}, u’success’: True} status_code=200
2017-07-16 16:48.49 get_certicate ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=staging.amqphosting.com
2017-07-16 16:48.49 make_signed_acme_request ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=staging.amqphosting.com
2017-07-16 16:48.49 get_acme_header ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=staging.amqphosting.com
2017-07-16 16:48.51 sign_message ACME_CERTIFICATE_AUTHORITY_URL=https://acme-staging.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=staging.amqphosting.com
2017-07-16 16:48.54 the_end message=Certificate Succesfully issued. The certificate, certificate key and account key have been saved in the current directory
And here are the logs when using the production endpoint:
CLOUDFLARE_EMAIL=example CLOUDFLARE_API_KEY=example CLOUDFLARE_DNS_ZONE_ID=example sewer --dns cloudflare --action run --email test@gmail.com --domains production.amqphosting.com --endpoint production
2017-07-16 14:37.20 chosen_dns_provider message=Using cloudflare as dns provider.
2017-07-16 14:37.20 create_certificate_key client_name=ACMEclient
2017-07-16 14:37.21 create_csr client_name=ACMEclient
2017-07-16 14:37.21 get_certificate_chain client_name=ACMEclient
2017-07-16 14:37.21 get_certificate_chain_response client_name=ACMEclient status_code=200
2017-07-16 14:37.21 create_account_key client_name=ACMEclient
2017-07-16 14:37.21 write_account_key message=account key succesfully written to current directory.
2017-07-16 14:37.24 create_cloudflare_dns_record_response dns_provider_name=cloudflare response={u’errors’: [], u’messages’: [], u’result’: {u’proxiable’: False, u’locked’: False, u’name’: u’_acme-challenge.production.amqphosting.com’, u’proxied’: False, u’content’: u’BqxVZ3T9YM0Iy3pdwJO8yEAemQTm-q3QMMITtYHoU-k’, u’created_on’: u’2017-07-16T14:37:24.657203Z’, u’meta’: {u’auto_added’: False}, u’ttl’: 1, u’modified_on’: u’2017-07-16T14:37:24.657203Z’, u’zone_name’: u’amqphosting.com’, u’type’: u’TXT’, u’id’: u’a66998bc9b76351c2ade26b28348ca18’, u’zone_id’: u’812286a52c9bc8ae5f210b77d1384a41’}, u’success’: True} status_code=200
2017-07-16 14:37.24 notify_acme_challenge_set ACME_CERTIFICATE_AUTHORITY_URL=https://acme-v01.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=production.amqphosting.com
2017-07-16 14:37.24 make_signed_acme_request ACME_CERTIFICATE_AUTHORITY_URL=https://acme-v01.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=production.amqphosting.com
2017-07-16 14:37.24 get_acme_header ACME_CERTIFICATE_AUTHORITY_URL=https://acme-v01.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=production.amqphosting.com
2017-07-16 14:37.24 sign_message ACME_CERTIFICATE_AUTHORITY_URL=https://acme-v01.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=production.amqphosting.com
2017-07-16 14:37.25 notify_acme_challenge_set_response ACME_CERTIFICATE_AUTHORITY_URL=https://acme-v01.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=production.amqphosting.com response={u’status’: u’pending’, u’keyAuthorization’: u’uqgkxjV61LOaxGrvQzC0lX8xPPj731k4pdsVpwHJY_g.PvhI24jYZ67gFBch_g-5n5nDr-j3CxBEqsM-ZtiEx00’, u’token’: u’uqgkxjV61LOaxGrvQzC0lX8xPPj731k4pdsVpwHJY_g’, u’type’: u’dns-01’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/ZHcJ_ixppQwIknE19MpPUvFLCC3o6YhIVEGo8d1I-Ww/1556759370’} status_code=202
2017-07-16 14:37.25 check_challenge ACME_CERTIFICATE_AUTHORITY_URL=https://acme-v01.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=production.amqphosting.com
2017-07-16 14:37.29 check_challenge_status_response ACME_CERTIFICATE_AUTHORITY_URL=https://acme-v01.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=production.amqphosting.com number_of_checks=1 response={u’status’: u’invalid’, u’keyAuthorization’: u’uqgkxjV61LOaxGrvQzC0lX8xPPj731k4pdsVpwHJY_g.PvhI24jYZ67gFBch_g-5n5nDr-j3CxBEqsM-ZtiEx00’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/ZHcJ_ixppQwIknE19MpPUvFLCC3o6YhIVEGo8d1I-Ww/1556759370’, u’token’: u’uqgkxjV61LOaxGrvQzC0lX8xPPj731k4pdsVpwHJY_g’, u’error’: {u’status’: 403, u’type’: u’urn:acme:error:unauthorized’, u’detail’: u’No TXT records found for DNS challenge’}, u’type’: u’dns-01’} status_code=202
.
.
15 other check_challenge log events here (it looks like that ACME client checks for the challenge up to 15 times, with about 4 seconds between each check)
.
.
2017-07-16 14:37.32 check_challenge_status_response ACME_CERTIFICATE_AUTHORITY_URL=https://acme-v01.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=production.amqphosting.com number_of_checks=16 response={u’status’: u’invalid’, u’keyAuthorization’: u’uqgkxjV61LOaxGrvQzC0lX8xPPj731k4pdsVpwHJY_g.PvhI24jYZ67gFBch_g-5n5nDr-j3CxBEqsM-ZtiEx00’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/ZHcJ_ixppQwIknE19MpPUvFLCC3o6YhIVEGo8d1I-Ww/1556759370’, u’token’: u’uqgkxjV61LOaxGrvQzC0lX8xPPj731k4pdsVpwHJY_g’, u’error’: {u’status’: 403, u’type’: u’urn:acme:error:unauthorized’, u’detail’: u’No TXT records found for DNS challenge’}, u’type’: u’dns-01’} status_code=202
2017-07-16 14:37.32 check_challenge ACME_CERTIFICATE_AUTHORITY_URL=https://acme-v01.api.letsencrypt.org client_name=ACMEclient client_version=0.2.1 domain_name=production.amqphosting.com error=Number of checks done is 16 which is greater than the maximum allowed of 15.
The error from letsencrypt production server for all those 15 checks is: No TXT records found for DNS challenge
I immediately used a DNS client (dig), and we can see that the TXT record exists:
dig _acme-challenge.production.amqphosting.com -t TXT
;; ANSWER SECTION:
_acme-challenge.production.amqphosting.com. 299 IN TXT “BqxVZ3T9YM0Iy3pdwJO8yEAemQTm-q3QMMITtYHoU-k”
;; Query time: 24 msec
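A check that separates a wrong TXT value from a correct record the CA did not see, as an added example (not part of the original post and not sewer's own code): it parses `response={...}` log lines in the format shown above and tests whether the created record's content equals the unpadded base64url SHA-256 of the challenge's keyAuthorization, which is the value dns-01 requires. The function names and the sample log lines are constructed for illustration.

```python
import ast, base64, hashlib, re

# timestamp, event name, then key=value pairs ending in response={...} status_code=N
LINE = re.compile(r"^\S+ \S+ (\w+) .*?response=(\{.*\}) status_code=\d+$")

def dns01_txt_value(key_authorization):
    """TXT value dns-01 requires: unpadded base64url(SHA-256(keyAuthorization))."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def parse_response(line):
    """Return (event, response dict) for a line carrying response={...}, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    # The dicts are Python reprs; the post renders their quotes typographically.
    text = m.group(2).replace("\u2018", "'").replace("\u2019", "'")
    return m.group(1), ast.literal_eval(text)

def review(log_text):
    """For each challenge response, compare the created TXT record with the required value."""
    created, report = None, []
    for line in log_text.splitlines():
        event, resp = parse_response(line) or ("", {})
        if event.startswith("create_") and "result" in resp:
            created = resp["result"]  # record as stored by the DNS provider
        elif "keyAuthorization" in resp and created:
            report.append({
                "status": resp["status"],
                "detail": resp.get("error", {}).get("detail"),
                "record_name": created["name"],
                "txt_matches": created["content"] == dns01_txt_value(resp["keyAuthorization"]),
            })
    return report

# Constructed sample in the log format above; every value here is made up.
KEY_AUTH = "sample-token.sample-thumbprint"
SAMPLE = "\n".join([
    "2017-07-16 14:37.24 create_cloudflare_dns_record_response dns_provider_name=cloudflare "
    "response={u'result': {u'name': u'_acme-challenge.example.test', u'type': u'TXT', "
    "u'content': u'%s'}, u'success': True} status_code=200" % dns01_txt_value(KEY_AUTH),
    "2017-07-16 14:37.29 check_challenge_status_response number_of_checks=1 "
    "response={u'status': u'invalid', u'keyAuthorization': u'%s', u'type': u'dns-01', u'error': "
    "{u'detail': u'No TXT records found for DNS challenge'}} status_code=202" % KEY_AUTH,
])

print(review(SAMPLE))
```

When `txt_matches` is true and the status is still `invalid`, the record content is not the problem, and the next thing to compare is what each authoritative nameserver for the zone returns at the time the CA validates.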