Trying to get the dns text to enter the dns challenge

I am trying to get the correct text to enter the DNS challenge in _acme-challenge.wachtell.net. I ran Certbot. However, even though I entered "--debug-challenges" it did not show the expected text to enter the DNS challenge.

My domain is: wachtell.net

I ran this command:

```
certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d *.wachtell.net -d wachtell.net
```

It produced this output:

```
Domain: wachtell.net
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.wachtell.net - check that a DNS record exists for
this domain
```
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

You seem to be using acme-dns, which usually requires a CNAME pointing to the acme-dns instance. Did you do that step? I assume you read the acme-dns documentation, right? Otherwise you wouldn't be using acme-dns-auth.py as a manual auth hook I'd think.

3 Likes

Using this online tool https://dnsspy.io/ search for DNS records on these results DNS Spy report for wachtell.net to find the DNS records (towards the bottom of the page).

Or using this online tool https://www.hardenize.com/ here are the DNS Records Hardenize Report: wachtell.net

And for those who like https://dnsviz.net/ here are the results wachtell.net | DNSViz

And description of DNS-01 challenge

1 Like

And this is what I see with nslookup

```
$ nslookup
> server ns01.one.com.
Default server: ns01.one.com.
Address: 195.206.121.10#53
> set q=txt
> _acme-challenge.wachtell.net
Server:         ns01.one.com.
Address:        195.206.121.10#53

_acme-challenge.wachtell.net    text = "nothing"
>
```

And with https://unboundtest.com/ the results are here https://unboundtest.com/m/TXT/_acme-challenge.wachtell.net/J7AGXMVY

1 Like

Maybe I did not explain the problem well enough. I want to enter the CNAME for _acme-challenge.wachtell.net in my DNS. I followed this guide:

I may have misunderstood it, but I thought that it would give me an output like this:

```
Output...
Output from acme-dns-auth.py:
Please add the following CNAME record to your main DNS zone:
_acme-challenge.your-domain CNAME a15ce5b2-f170-4c91-97bf-09a5764a88f6.auth.acme-dns.io.
Waiting for verification...
...
```
However, somehow the script continues to run, cleans up, and does not show the "add the following CNAME record to your main DNS...". Can you help?
2 Likes

Continuing the discussion from DNS providers who easily integrate with Let's Encrypt DNS validation:

1 Like

Hi Bruce,
Thank you for your investigation and clearly I did not explain the problem well enough. I want to be able to get a certificate but I have not been able to write the correct text into the _acme-challenge.wachtell.net text = "nothing" field. Can you help?

3 Likes

It will only show those instructions the very first time you run the hook. After that, not any longer.

You might be able to fetch the required CNAME value from the file /etc/letsencrypt/acmedns.json.

5 Likes
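As an added example (not from any poster in this thread or from the acme-dns project), here is a small Python helper that recovers the CNAME line from the saved registration and checks what is actually published at `_acme-challenge.<domain>`. It assumes acmedns.json maps each domain to an object with a `fulldomain` field (the layout acme-dns-auth.py writes); the JSON below is constructed sample data, reusing the acme-dns name shown earlier in the thread.

```python
import json

# Constructed sample in the assumed layout of /etc/letsencrypt/acmedns.json
# (one object per domain; credentials are placeholders).
SAMPLE_ACMEDNS_JSON = """
{
  "wachtell.net": {
    "username": "00000000-0000-0000-0000-000000000000",
    "password": "placeholder-password",
    "fulldomain": "a15ce5b2-f170-4c91-97bf-09a5764a88f6.auth.acme-dns.io",
    "subdomain": "a15ce5b2-f170-4c91-97bf-09a5764a88f6",
    "allowfrom": []
  }
}
"""


def _norm(name: str) -> str:
    """Compare DNS names case-insensitively and ignoring the trailing dot."""
    return name.rstrip(".").lower()


def cname_records(acmedns_json: str) -> dict:
    """Map each registered domain to the CNAME line to add at the DNS host."""
    out = {}
    for domain, entry in json.loads(acmedns_json).items():
        target = entry["fulldomain"].rstrip(".") + "."
        out[domain] = f"_acme-challenge.{domain}. CNAME {target}"
    return out


def diagnose(domain: str, observed: list, acmedns_json: str) -> str:
    """observed: (rrtype, value) pairs currently published at
    _acme-challenge.<domain>, e.g. from nslookup or dig.  A CNAME must be
    the only record at its name, so a stray TXT (like the "nothing" record
    in the thread) has to go before the CNAME can be added."""
    expected = json.loads(acmedns_json)[domain]["fulldomain"]
    cnames = [v for t, v in observed if t.upper() == "CNAME"]
    others = sorted({t.upper() for t, _ in observed if t.upper() != "CNAME"})
    if not cnames:
        if others:
            return f"no CNAME; remove the {'/'.join(others)} record(s) first"
        return "no CNAME; add " + cname_records(acmedns_json)[domain]
    if _norm(cnames[0]) != _norm(expected):
        return f"CNAME points to {cnames[0]}, expected {expected}."
    return "ok: CNAME points at the acme-dns record"


if __name__ == "__main__":
    print(cname_records(SAMPLE_ACMEDNS_JSON)["wachtell.net"])
    print(diagnose("wachtell.net", [("TXT", "nothing")], SAMPLE_ACMEDNS_JSON))
```

The `observed` list is filled in by hand from the nslookup or dig output; the script itself makes no network queries.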

Thank you. I am in the process of moving to Cloudflare, which is on your list.

3 Likes

Thanks, that was exactly what I was looking for.

4 Likes

Just giving credit where credit is due, the list is from @_az; I merely pointed to their list. :slight_smile:

1 Like