Where should the name of domain and text record be added for acme.sh DNS manual method?


#1

I am trying to issue a certificate for a sample domain created from GoDaddy. I am getting the following error during renewal, after giving the domain name and text value in the GoDaddy DNS management. I am not able to find out where I went wrong.

My domain is: simpletestdomain.fun

I ran this command: ./acme.sh --issue -d simpleplaytestdomain1.fun --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew

It produced this output:

Renew: ‘simpleplaytestdomain1.fun’
[Thu Jul 12 01:34:28 UTC 2018] Single domain=‘simpleplaytestdomain1.fun’
[Thu Jul 12 01:34:28 UTC 2018] Getting domain auth token for each domain
[Thu Jul 12 01:34:28 UTC 2018] Verifying:simpleplaytestdomain1.fun
[Thu Jul 12 01:34:31 UTC 2018] simpleplaytestdomain1.fun:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.simpleplaytestdomain1.fun
[Thu Jul 12 01:34:31 UTC 2018] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Thu Jul 12 01:34:31 UTC 2018] The dns manual mode can not renew automatically, you must issue it again manually. You’d better use the other modes instead.

My web server is (include version): RHEL, AmazonEC2

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

Hi,

DNS manual mode, as the name says, is the mode where you'll need to manually log in to your DNS control panel (sometimes the domain control panel) and add your DNS record manually.

P.S. It seems that you are using GoDaddy (or its reseller or whatever related to GoDaddy) as your DNS provider, so you could use the GoDaddy API to automatically update your records (with acme.sh).

Using --dns dns_gd instead of manual would help (fill in your API key first).

The full command would be: ./acme.sh --issue -d simpleplaytestdomain1.fun --dns dns_gd --renew (Configure your GoDaddy API key under .acme.sh/dnsapi/dns_gd.sh)

Thank you


#3

Hi @Pradeep,

@stevenzhu’s suggestion is very helpful here and could let you automate the process to be much more reliable and convenient.

I did my own investigation and found that you’ve accidentally created _acme-challenge.simpleplaytestdomain1.fun.simpleplaytestdomain1.fun instead of _acme-challenge.simpleplaytestdomain1.fun. This is a very common error when your DNS administration interface automatically adds the base domain name to every record for you but you don’t realize that it’s going to do that!


#4

Thank you @schoen @stevenzhu. For some reason I have to use DNS manual mode. I still cannot figure out where I went wrong. Can you please point it out?


#5

In your zone editor, it probably asked you for the name of the record to create and you entered _acme-challenge.simpleplaytestdomain1.fun. However the DNS software was already going to automatically add simpleplaytestdomain1.fun to whichever value you entered. Therefore, in that particular context you should only have entered _acme-challenge (by itself) as the record name.
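The name doubling described in posts #3 and #5, as an added example that is not part of the original thread or of acme.sh: it models a zone editor that appends the zone to whatever is typed in the name field (an assumption about the editor, as described above) and shows which value has to be entered. The function names are hypothetical; the sample names are the ones from this thread.

```shell
#!/bin/sh
# Added example: assumes the zone editor appends the zone name to the
# "Name"/"Host" field automatically, as described in the posts above.

# Lowercase and strip one trailing dot so names compare consistently.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# Name the editor publishes when "$1" is typed into the name field of zone "$2".
published_name() {
    entered=$(norm "$1"); zone=$(norm "$2")
    case "$entered" in
        @|"") printf '%s\n' "$zone" ;;
        *)    printf '%s.%s\n' "$entered" "$zone" ;;
    esac
}

# Value to type so that the published record is exactly FQDN "$1" in zone "$2".
name_to_enter() {
    fqdn=$(norm "$1"); zone=$(norm "$2")
    case "$fqdn" in
        "$zone")   printf '@\n' ;;
        *".$zone") printf '%s\n' "${fqdn%.$zone}" ;;
        *)         echo "error: $fqdn is not inside zone $zone" >&2; return 1 ;;
    esac
}

# Compare what gets published with the name the CA queries; explain a mismatch.
check_entry() {  # $1=entered value  $2=zone  $3=challenge FQDN
    got=$(published_name "$1" "$2"); want=$(norm "$3")
    if [ "$got" = "$want" ]; then
        echo "OK: record is published as $got"
    else
        echo "MISMATCH: publishes $got, CA looks up $want; enter '$(name_to_enter "$3" "$2")'"
        return 1
    fi
}

# Optional live check before re-running acme.sh (needs dig and network access).
lookup_txt() { dig +short TXT "$1"; }

# Constructed sample using the names from this thread.
ZONE=simpleplaytestdomain1.fun
CHALLENGE=_acme-challenge.$ZONE
check_entry "$CHALLENGE" "$ZONE" "$CHALLENGE" || true   # the doubled name
check_entry "_acme-challenge" "$ZONE" "$CHALLENGE"      # the working entry
```

Once the record is saved, `lookup_txt _acme-challenge.simpleplaytestdomain1.fun` should return the token; an empty answer means the record is still published under a different name or has not propagated yet.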


#6

Thank you @schoen. It worked that way, but after the certificate was issued, in the end it gave out a call hook error.


#7

Well, I’m not familiar enough with acme.sh to know the reason for that error, but maybe there’s a log file that contains more detailed information?

It doesn’t seem like the error prevented the issuance of your certificate, in any case.


#8

Hi,

From acme.sh’s github page, the error seems to be a regular line for manual DNS mode…
As two Issues had been submitted…

https://github.com/Neilpang/acme.sh/issues/1607 | https://github.com/Neilpang/acme.sh/issues/1586

The author does not respond to those issues. (As @schoen stated, it doesn’t prevent the cert from being issued… so maybe it was trying to set renewal??)

Thank you

