I am trying to issue a certificate for a sample domain created from GoDaddy. I am getting the following error during renewal after giving the domain name and Text value in the GoDaddy DNS management. I am not able to find out where I went wrong.
My domain is: simpletestdomain.fun
I ran this command: ./acme.sh --issue -d simpleplaytestdomain1.fun --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew
Renew: ‘simpleplaytestdomain1.fun’
[Thu Jul 12 01:34:28 UTC 2018] Single domain=‘simpleplaytestdomain1.fun’
[Thu Jul 12 01:34:28 UTC 2018] Getting domain auth token for each domain
[Thu Jul 12 01:34:28 UTC 2018] Verifying:simpleplaytestdomain1.fun
[Thu Jul 12 01:34:31 UTC 2018] simpleplaytestdomain1.fun:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.simpleplaytestdomain1.fun
[Thu Jul 12 01:34:31 UTC 2018] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Thu Jul 12 01:34:31 UTC 2018] The dns manual mode can not renew automatically, you must issue it again manually. You’d better use the other modes instead.
My web server is (include version): RHEL, AmazonEC2
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: GoDaddy
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
DNS manual mode, as the name claims, is the manual mode in which you'll need to manually log in to your DNS control panel (sometimes Domain control panel) & add your DNS record manually.
P.S. It seems that you are using GoDaddy (or its reseller or whatever related to GoDaddy) as your DNS provider; you could use the GoDaddy API to automatically update your records (w/ acme.sh).
Using --dns dns_gd instead of manual would help (fill in your API key first).
The full command would be: ./acme.sh --issue -d simpleplaytestdomain1.fun --dns dns_gd --renew (Configure your GoDaddy API key under .acme.sh/dnsapi/dns_gd.sh)
@stevenzhu’s suggestion is very helpful here and could let you automate the process to be much more reliable and convenient.
I did my own investigation and found that you’ve accidentally created _acme-challenge.simpleplaytestdomain1.fun.simpleplaytestdomain1.fun instead of _acme-challenge.simpleplaytestdomain1.fun. This is a very common error when your DNS administration interface automatically adds the base domain name to every record for you but you don’t realize that it’s going to do that!
In your zone editor, it probably asked you for the name of the record to create and you entered _acme-challenge.simpleplaytestdomain1.fun. However, the DNS software was already going to automatically add simpleplaytestdomain1.fun to whichever value you entered. Therefore, in that particular context you should only have entered _acme-challenge (by itself) as the record name.
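
The doubled-suffix mistake described in the last reply, as an added example that is not part of the original thread and is not acme.sh code: a small shell model of a zone editor that appends the zone to every host field, plus the value to type so the record lands at the right name. The function names are hypothetical, and the editor behaviour (always append the zone, `@` for the apex) is an assumption about the DNS panel.

```shell
#!/bin/sh
# Added example: model a zone editor that appends the zone name to every host
# field, and derive the value to type for an ACME DNS-01 TXT record.

# Lowercase and strip one trailing dot so names compare reliably.
normalize() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Name the editor will publish when "$1" is typed as the host in zone "$2".
# Assumption: the editor always appends the zone; "@" or empty means the apex.
published_name() {
    host=$(normalize "$1"); zone=$(normalize "$2")
    if [ "$host" = "@" ] || [ -z "$host" ]; then
        printf '%s\n' "$zone"
    else
        printf '%s.%s\n' "$host" "$zone"
    fi
}

# Host field to type so the published name equals FQDN "$1" in zone "$2".
# Returns 1 (and prints nothing) if the FQDN is not inside the zone.
host_field_for() {
    fqdn=$(normalize "$1"); zone=$(normalize "$2")
    case "$fqdn" in
        "$zone")   printf '@\n' ;;
        *".$zone") printf '%s\n' "${fqdn%".$zone"}" ;;
        *)         return 1 ;;
    esac
}

# Live check (needs dig and network access): show which of the two candidate
# names actually carries a TXT record before asking the CA to validate.
check_challenge() {
    zone=$(normalize "$1")
    for name in "_acme-challenge.$zone" "_acme-challenge.$zone.$zone"; do
        txt=$(dig +short TXT "$name")
        printf '%s -> %s\n' "$name" "${txt:-no TXT record}"
    done
}
```

Running `check_challenge simpleplaytestdomain1.fun` before retrying the issuance shows whether the TXT record sits at the expected name or at the doubled one.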