We have a client that’s currently encountering an issue generating certificates for one of their domains. Although everything seems to be resolving, including the ‘_acme-challenge’ TXT response (dns challenge), the user still receives the following error:
Time limit exceeded. Last error: NS j.gtld-servers.net. did not return the expected TXT record
Does anyone have any ideas what may cause this? Thanks in advance!
Below is a dig against the challenge on our direct nameserver:
dig _acme-challenge.www.yrrkhv6v55a5r.serverclickdefense.com @ns1.cycle.io TXT ; <<>> DiG 9.10.6 <<>> _acme-challenge.www.yrrkhv6v55a5r.serverclickdefense.com @ns1.cycle.io TXT ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59900 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;_acme-challenge.www.yrrkhv6v55a5r.serverclickdefense.com. IN TXT ;; ANSWER SECTION: _acme-challenge.www.yrrkhv6v55a5r.serverclickdefense.com. 600 IN TXT "xxxxxxxx_xxxxxxxxx" ;; Query time: 18 msec ;; SERVER: 220.127.116.11#53(18.104.22.168) ;; WHEN: Fri Dec 07 09:43:12 PST 2018 ;; MSG SIZE rcvd: 186