I am using ansible tower to run LE and it works fine usually. However I created a new DNS zone and I am having issues . My ansible playbook script is able to create the acme TXT record but then fails to validate it
My domain is: openbluecloud.cn
{
"other": {
"identifier": "dns:*.openbluecloud.cn",
"authorization": {
"identifier": {
"type": "dns",
"value": "openbluecloud.cn"
},
"status": "invalid",
"expires": "2022-07-12T12:59:06Z",
"challenges": [
{
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "No TXT record found at _acme-challenge.openbluecloud.cn",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/BLABLA",
"token": "BLABLA",
"validated": "2022-07-05T12:59:16Z"
}
],
"wildcard": true,
"uri": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/BLABLA"
}
},
"msg": "Failed to validate challenge for dns:*.openbluecloud.cn: Status is \"invalid\" and not \"valid\". Challenge dns-01: Error urn:ietf:params:acme:error:unauthorized: \"No TXT record found at _acme-challenge.openbluecloud.cn\".",
"invocation": {
"module_args": {
"account_key_content": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"account_email": "be-taas-devops@jci.com",
"csr": "/tmp/request.csr",
"cert": "/tmp/cert.crt",
"fullchain": "/tmp/fullchain.crt",
"chain": "/tmp/intermediates.crt",
"challenge": "dns-01",
"acme_version": 2,
"acme_directory": "https://acme-v02.api.letsencrypt.org/directory",
"remaining_days": 30,
"data": {
"changed": true,
"authorizations": {
"*.openbluecloud.cn": {
"identifier": {
"type": "dns",
"value": "openbluecloud.cn"
},
"status": "pending",
"expires": "2022-07-12T12:59:06Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/BLABLA",
"token": "BLABLABLA"
}
],
"wildcard": true,
"uri": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/BLABLA"
}
},
"finalize_uri": "https://acme-v02.api.letsencrypt.org/acme/finalize/BLABLA",
"order_uri": "https://acme-v02.api.letsencrypt.org/acme/order/BLABLA",
"account_uri": "https://acme-v02.api.letsencrypt.org/acme/acct/BLABLA",
"challenge_data": {
"*.openbluecloud.cn": {
"dns-01": {
"resource": "_acme-challenge",
"resource_value": "BLABLA",
"record": "_acme-challenge.openbluecloud.cn"
}
}
},
"challenge_data_dns": {
"_acme-challenge.openbluecloud.cn": [
"BLABLA"
]
},
"cert_days": -1,
"failed": false,
"attempts": 1
},
"terms_agreed": true,
"force": true,
"dest": "/tmp/cert.crt",
"fullchain_dest": "/tmp/fullchain.crt",
"chain_dest": "/tmp/intermediates.crt",
"validate_certs": true,
"select_crypto_backend": "auto",
"modify_account": true,
"deactivate_authzs": false,
"retrieve_all_alternates": false,
"account_key_src": null,
"account_key_passphrase": null,
"account_uri": null,
"agreement": null,
"csr_content": null,
"select_chain": null
}
},
"_ansible_no_log": false,
"attempts": 5,
"changed": false
}