My domain is: dfkunde.de
I ran this command: I'm using the C# library Certes to call the staging ACME v2 API, so no "command" here.
It produced this output: Fail to load resource from 'https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/164529708/qp56Dg'. urn:ietf:params:acme:error:malformed: Unable to update challenge :: authorization must be pending
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I wrote the control panel myself.
I'm confused about the process. The last thing I've learned is that starting the challenge doesn't mean it's succeeded. It can reply with "give me more time" (Pending) and I see this once before it replies with an error. And according to the Certes examples (and what has worked in a separate test application) I can immediately call the finalize method and get a certificate. But in this whole setup, it doesn't work. I have no idea why. (Actually I didn't need any time in my test app, calling `Validate` and then immediately `Generate` just worked fine a few times. Is it much slower today than 2 days ago?)
I'm requesting a normal certificate (not wildcard) for two domains, dfkunde.de and the www subdomain. I request DNS challenge and get two challenges. I add them to my DNS, wait until primary and secondary nameserver resolve them all, and then validate them. When all challenges are valid, I proceed. And that fails now.
Actually I need this to be working pretty soon as it's the last part of my server migration. I previously used Certbot but that isn't available anymore if you don't agree to using snap, and I found it would be better to integrate the process into my control panel instead of hacking with external client software that doesn't know anything about my server environment.
Can you please explain, in simple words (i.e. not RFC language), what steps I must perform for a DNS validation? I know of these:
- Start order
- Get authorisations
- Get DNS challenges
- Write TXT records to DNS, wait for resolving
- Validate all challenges, expect "valid" response, otherwise retry (I retry every 10s)
- Finalise order and download certificate (Certes combines these as `Generate`)
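
Added example, not part of the original post and not Certes or Let's Encrypt code: a simplified in-memory model of the RFC 8555 rule behind the quoted error, in which the server accepts the challenge trigger only while the authorization is still pending, so a retry loop has to poll the authorization status rather than re-send the trigger. All class, function and status-handling names are constructed for illustration, and the model makes no network calls.

```python
# Simplified in-memory model of the RFC 8555 state rules (constructed for
# illustration; not Let's Encrypt or Certes code, and it makes no network calls).
class AcmeError(Exception):
    pass

class ModelServer:
    def __init__(self, domains):
        self.authz = {d: "pending" for d in domains}   # authorization status per name
        self.checking = set()                          # names with a validation in flight

    def post_challenge(self, domain):
        """'The TXT record is in place, go check.' Accepted only while pending."""
        if self.authz[domain] != "pending":
            raise AcmeError("malformed: Unable to update challenge :: "
                            "authorization must be pending")
        self.checking.add(domain)
        return "pending"            # the DNS check itself runs in the background

    def tick(self):
        """Time passes (the client's sleep); in-flight validations complete."""
        for d in self.checking:
            self.authz[d] = "valid"
        self.checking.clear()

    def get_authorization(self, domain):
        """Read-only status poll; allowed in every state."""
        return self.authz[domain]

    def finalize(self):
        """Issue only when every authorization on the order is valid."""
        if any(s != "valid" for s in self.authz.values()):
            raise AcmeError("orderNotReady")
        return "certificate issued"

def retry_by_reposting(server, domain, attempts=3):
    """Re-sends the challenge trigger on every retry."""
    for _ in range(attempts):
        if server.post_challenge(domain) == "valid":
            return "valid"
        server.tick()
    return "gave up"

def trigger_once_then_poll(server, domain, attempts=3):
    """Triggers once, then only reads the authorization status."""
    server.post_challenge(domain)
    for _ in range(attempts):
        server.tick()
        status = server.get_authorization(domain)
        if status != "pending":
            return status
    return "pending"
```

In the model, `retry_by_reposting` sees "pending" once and then raises the same error text as in the post, while `trigger_once_then_poll` reaches "valid" for each name and `finalize` succeeds.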