Win-Acme Renewal Failing Suddenly with DNS-01 (Dreamhost)

My domain is:
simon4d.bel.com

Note that "simon4d" is a CNAME to a dynamic DNS entry to bel.com as it is a different host than the rest of bel.com. This configuration has worked for years.

I'm using win-acme. The failure started with version 2.2.6.1571. The automatic renewal 2 months ago completed successfully and nothing has changed. In troubleshooting, I updated to 2.2.9.1701. I also updated the Dreamhost DNS plugin.

I checked the DNS records at Dreamhost, and there are no existing TXT records.

Below is the log from the original failure report:

Information - Plugin "Manual" generated source "simon4d.bel.com" with 1 identifiers
Information - Plugin "Single" created 1 order
Error - Error getting renewal information from server
Information - Renewing "[Manual] simon4d.bel.com"
Information - ["simon4d.bel.com"] Authorizing...
Information - ["simon4d.bel.com"] Authorizing using "dns-01" validation ("Dreamhost")
Information - Dreamhost Responded with: "{\"data\":\"record_added\",\"result\":\"success\"}"
Information - Waiting for 30 seconds
Warning - ["simon4d.bel.com"] ["162.159.27.84"] No TXT records found
Warning - ["simon4d.bel.com"] ["162.159.26.14"] No TXT records found
Warning - ["simon4d.bel.com"] ["162.159.26.81"] No TXT records found
Information - ["simon4d.bel.com"] Preliminary validation failed on all nameservers
Information - Will retry in 30 seconds (retry 1/5)...
Warning - ["simon4d.bel.com"] ["162.159.27.84"] No TXT records found
Warning - ["simon4d.bel.com"] ["162.159.26.14"] No TXT records found
Warning - ["simon4d.bel.com"] ["162.159.26.81"] No TXT records found
Information - ["simon4d.bel.com"] Preliminary validation failed on all nameservers
Information - Will retry in 30 seconds (retry 2/5)...
Warning - ["simon4d.bel.com"] ["162.159.27.84"] No TXT records found
Warning - ["simon4d.bel.com"] ["162.159.26.14"] No TXT records found
Warning - ["simon4d.bel.com"] ["162.159.26.81"] No TXT records found
Information - ["simon4d.bel.com"] Preliminary validation failed on all nameservers
Information - Will retry in 30 seconds (retry 3/5)...
Warning - ["simon4d.bel.com"] ["162.159.27.84"] No TXT records found
Warning - ["simon4d.bel.com"] ["162.159.26.14"] No TXT records found
Warning - ["simon4d.bel.com"] ["162.159.26.81"] No TXT records found
Information - ["simon4d.bel.com"] Preliminary validation failed on all nameservers
Information - Will retry in 30 seconds (retry 4/5)...
Warning - ["simon4d.bel.com"] ["162.159.27.84"] No TXT records found
Warning - ["simon4d.bel.com"] ["162.159.26.14"] No TXT records found
Warning - ["simon4d.bel.com"] ["162.159.26.81"] No TXT records found
Information - ["simon4d.bel.com"] Preliminary validation failed on all nameservers
Information - Will retry in 30 seconds (retry 5/5)...
Warning - ["simon4d.bel.com"] ["162.159.27.84"] No TXT records found
Warning - ["simon4d.bel.com"] ["162.159.26.14"] No TXT records found
Warning - ["simon4d.bel.com"] ["162.159.26.81"] No TXT records found
Information - ["simon4d.bel.com"] Preliminary validation failed on all nameservers
Information - It looks like validation is going to fail, but we will try now anyway...
Error - ["simon4d.bel.com"] Authorization result: "invalid"
Error - ["simon4d.bel.com"] "{\"type\":\"urn:ietf:params:acme:error:dns\",\"detail\":\"During secondary validation: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.simon4d.bel.com - check that a DNS record exists for this domain\",\"status\":400,\"instance\":null}"
Information - Dreamhost Responded with: "{\"data\":\"record_removed\",\"result\":\"success\"}"
Information - Waiting for 30 seconds
Information - ["simon4d.bel.com"] Deactivating pending authorization
Information - Script "C:\win-acme\simon-pem-replace.bat" starting with parameters "m_-Y7hYwYEeYI1FZlFqYSg"
Information - Script finished
Error - Renewal for "[Manual] simon4d.bel.com" failed, will retry on next run
Error - Validation failed
Error - No certificate generated

After updating win-acme and all, here's what I am seeing now when I force the renewal in verbose mode:

 [VERB] Autofac: creating Execution scope with parent wacs
 [VERB] Autofac: creating PluginBackend<ITargetPlugin> scope with parent Execution
 [INFO] Plugin Manual generated source simon4d.bel.com with 1 identifiers
 [VERB] Autofac: creating Split scope with parent PluginBackend<ITargetPlugin>
 [VERB] Autofac: creating PluginBackend<IOrderPlugin> scope with parent Split
 [INFO] Plugin Single created 1 order
 [INFO] Force renewing [Manual] simon4d.bel.com
 [VERB] Autofac: creating Order scope with parent PluginBackend<ITargetPlugin>
 [VERB] Autofac: creating PluginBackend<ICsrPlugin> scope with parent order-main
 [DBUG] Previous certificate found at C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates\m_-Y7hYwYEeYI1FZlFqYSg-main-80c2c1c8320cc7e4bc562ff4195dc24b288be2cd-temp.pfx
 [DBUG] Reading certificate cache
 [DBUG] [HTTP] Send GET to https://acme-v02.api.letsencrypt.org/acme/renewal-info/ALUp8i2ObzHom0yteD763OkM0dI.BeS1whxxGRvqsaLMWGbmoQc2
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "suggestedWindow": {
    "start": "2026-04-19T10:47:25Z",
    "end": "2026-04-21T05:58:15Z"
  }
}
 [VERB] Order Main should run (forced)
 [VERB] Obtain order details for Main
 [WARN] Cached order available but not used with --nocache option.
 [DBUG] Deactivating pre-existing authorization
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/authz/975039246/688493576511
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6Lzk3NTAzOTI0Ni82ODg0OTM1NzY1MTEiLCJub25jZSI6IndOMFdYQ3J4VjBzemY2eEFIR25xb1hNcGFJRTBsSUNyTWJNMlVCaUFjR3F2Z3dSOFNZSSIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTc1MDM5MjQ2In0","payload":"eyJzdGF0dXMiOiJkZWFjdGl2YXRlZCJ9","signature":"SmQZ6zfHZZ7PBH5936qIbslWsp8QTH5TjPiOeLWTw750NNDnlccHA-SPjBMz3lkz76_pIumVh_Pv-Vy9Y9Qbpw"}
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "identifier": {
    "type": "dns",
    "value": "simon4d.bel.com"
  },
  "status": "deactivated",
  "expires": "2026-04-22T09:28:29Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688493576511/61DPbQ",
      "status": "invalid",
      "validated": "2026-04-15T09:29:00Z",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.simon4d.bel.com - check that a DNS record exists for this domain",
        "status": 400
      },
      "token": "n1YKoeGgvTqm_JbiSSvHOn81MMaDhSiJak51f0STRPk"
    }
  ]
}
 [DBUG] Deleted C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Orders\d79c060dc5ca26c504156dfa85e595525fcc175d.order.json
 [VERB] Creating order for identifiers: ["simon4d.bel.com"] (notAfter: null, previous: 1BE5728405D273C83A6C5BD9E92BA5816A3D955D)
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/new-order
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsIm5vbmNlIjoibmtxM2trc1pIRGh6dEFabHRjekVXYnpYU3lObE94QnBoRnQ2TEtnVWQtdFNaQ25hcWNNIiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85NzUwMzkyNDYifQ","payload":"eyJpZGVudGlmaWVycyI6W3sidHlwZSI6ImRucyIsInZhbHVlIjoic2ltb240ZC5iZWwuY29tIn1dLCJyZXBsYWNlcyI6IkFMVXA4aTJPYnpIb20weXRlRDc2M09rTTBkSS5CZVMxd2h4eEdSdnFzYUxNV0dibW9RYzIifQ","signature":"QTIFALgfEP2RQwJ42EemGrgfzaWknb9cFq_msDATVd18iGRt11wcvDfpPeRqtxmVpFqmGdHyd2Bl3DVY8ZuIYQ"}
 [VERB] [HTTP] Request completed with status Created
 [VERB] [HTTP] Response content: {
  "status": "pending",
  "expires": "2026-04-22T09:37:44Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "simon4d.bel.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/975039246/688496686601"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/975039246/500907532751",
  "replaces": "ALUp8i2ObzHom0yteD763OkM0dI.BeS1whxxGRvqsaLMWGbmoQc2"
}
 [VERB] Order https://acme-v02.api.letsencrypt.org/acme/order/975039246/500907532751 created
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/authz/975039246/688496686601
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6Lzk3NTAzOTI0Ni82ODg0OTY2ODY2MDEiLCJub25jZSI6IndOMFdYQ3J4UGlrelVkc2F6S2Q5aEMzWlh4cUZHUGtJUXZoVnp0Y1B3Tl9hdFB4MkNBOCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTc1MDM5MjQ2In0","payload":"","signature":"G3u8V7K42_Ejp4WiNX8x_1faRNPApsyLBYIkt4qTFvRtFT_gTA8IDutP7WBiovtWD0N38TN3QTbXenKYQtWQww"}
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "identifier": {
    "type": "dns",
    "value": "simon4d.bel.com"
  },
  "status": "pending",
  "expires": "2026-04-22T09:37:44Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688496686601/XJzqaA",
      "status": "pending",
      "token": "xrkKX5gmM8curZnv29ZHJrELUDZlfRfGcnOyHRzHiYs"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688496686601/EUUV4g",
      "status": "pending",
      "token": "xrkKX5gmM8curZnv29ZHJrELUDZlfRfGcnOyHRzHiYs"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688496686601/Zu-vXQ",
      "status": "pending",
      "token": "xrkKX5gmM8curZnv29ZHJrELUDZlfRfGcnOyHRzHiYs"
    }
  ]
}
 [VERB] Autofac: creating Target scope with parent PluginBackend<ICsrPlugin>
 [VERB] Autofac: creating PluginFrontend<ValidationPluginOptions> scope with parent target
 [VERB] No W3SVC detected
 [VERB] No FTPSVC detected
 [VERB] Autofac: creating PluginBackend<IValidationPlugin> scope with parent PluginBackend<ICsrPlugin>
 [VERB] Adding 8.8.8.8 as DNS server
 [VERB] Adding 1.1.1.1 as DNS server
 [VERB] Adding 8.8.4.4 as DNS server
 [VERB] Handle authorization 1/1
 [VERB] Autofac: creating PluginBackend<IValidationPlugin> scope with parent PluginBackend<ICsrPlugin>
 [INFO] [simon4d.bel.com] Authorizing...
 [VERB] [simon4d.bel.com] Initial authorization status: pending
 [VERB] [simon4d.bel.com] Challenge types available: ["tls-alpn-01", "http-01", "dns-01"]
 [VERB] [simon4d.bel.com] Initial challenge status: pending
 [INFO] [simon4d.bel.com] Authorizing using dns-01 validation (Dreamhost)
 [DBUG] Querying name servers for bel.com
 [VERB] Found nsRecords: ["ns2.dreamhost.com.", "ns1.dreamhost.com.", "ns3.dreamhost.com."]
 [VERB] Querying IP for name server ns2.dreamhost.com.
 [VERB] Name server IP 162.159.26.81 identified
 [VERB] Querying IP for name server ns1.dreamhost.com.
 [VERB] Name server IP 162.159.26.14 identified
 [VERB] Querying IP for name server ns3.dreamhost.com.
 [VERB] Name server IP 162.159.27.84 identified
 [DBUG] Querying name servers for simon4d.bel.com
 [VERB] Error from 162.159.26.81: Non-Existent Domain
 [VERB] No specific name servers identified for simon4d.bel.com
 [DBUG] Querying name servers for _acme-challenge.simon4d.bel.com
 [VERB] Error from 162.159.26.81: Non-Existent Domain
 [VERB] No specific name servers identified for _acme-challenge.simon4d.bel.com
 [VERB] Query CNAME for _acme-challenge.simon4d.bel.com at 162.159.26.81
 [VERB] Error from 162.159.26.81: Non-Existent Domain
 [DBUG] [simon4d.bel.com] Attempting to create DNS record under _acme-challenge.simon4d.bel.com...
 [INFO] Dreamhost Responded with: {"data":"record_added","result":"success"}
 [INFO] Waiting for 30 seconds
 [INFO] [simon4d.bel.com] Record A5w7QMb-kZjN3O267Yw1SKiIKM_lz4mkCY163vAu9tk successfully created
 [VERB] Starting commit stage
 [VERB] Commit was succesful
 [DBUG] [simon4d.bel.com] Submitting challenge answer
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688496686601/Zu-vXQ
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzk3NTAzOTI0Ni82ODg0OTY2ODY2MDEvWnUtdlhRIiwibm9uY2UiOiJua3Eza2tzWjBkU2x4c0dCblZVdHJLQnZjX2J5clo2ZEFYYWRCbHFQSnY3VXdyV1VVdUUiLCJraWQiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzk3NTAzOTI0NiJ9","payload":"e30","signature":"zZsL8ESWkl25MYdpghcV-jHbAQ1voJM1xwf_ORKM34e0t3kNpbm66EGBRxfG1Yow2h4dGhAaqyfswoIk_Ug15g"}
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "type": "dns-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688496686601/Zu-vXQ",
  "status": "pending",
  "token": "xrkKX5gmM8curZnv29ZHJrELUDZlfRfGcnOyHRzHiYs"
}
 [DBUG] Refreshing authorization (1/15)
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688496686601/Zu-vXQ
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzk3NTAzOTI0Ni82ODg0OTY2ODY2MDEvWnUtdlhRIiwibm9uY2UiOiJua3Eza2tzWklBTWs4UGRYdlc2X2ZLYmJreGxvQklYQWctNUh3SGZ6ZTA0bTdaVEhPV1UiLCJraWQiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzk3NTAzOTI0NiJ9","payload":"","signature":"MBB3mqITBtV9w2CSBsTGXXG0hMM5bRHB8fw7BFmkWtiDQifpA1Fp-RzcliwTkQoqtHuz8OtavxvUUC4PNT340Q"}
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "type": "dns-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688496686601/Zu-vXQ",
  "status": "invalid",
  "validated": "2026-04-15T09:38:15Z",
  "error": {
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.simon4d.bel.com - check that a DNS record exists for this domain",
    "status": 400
  },
  "token": "xrkKX5gmM8curZnv29ZHJrELUDZlfRfGcnOyHRzHiYs"
}
 [EROR] [simon4d.bel.com] Authorization result: invalid
 [EROR] [simon4d.bel.com] {"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.simon4d.bel.com - check that a DNS record exists for this domain","status":400,"instance":null}
 [VERB] Starting post-validation cleanup
 [INFO] Dreamhost Responded with: {"result":"success","data":"record_removed"}
 [INFO] Waiting for 30 seconds
 [INFO] [simon4d.bel.com] Record A5w7QMb-kZjN3O267Yw1SKiIKM_lz4mkCY163vAu9tk deleted
 [DBUG] DNS record cleanup finalized
 [VERB] Post-validation cleanup was successful
 [INFO] [simon4d.bel.com] Deactivating pending authorization
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/authz/975039246/688496686601
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6Lzk3NTAzOTI0Ni82ODg0OTY2ODY2MDEiLCJub25jZSI6IndOMFdYQ3J4Ym14TXY5QU5lQk1sMFFRQ2dLYTg1a2JlWnRJajE3NFU2RnZ2eVRXUGgxMCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTc1MDM5MjQ2In0","payload":"eyJzdGF0dXMiOiJkZWFjdGl2YXRlZCJ9","signature":"pXdkygKlohVwZ4smBmZojjkcoMmdOhIGfbbmBd457-_6LwJCJcnudc291hNAmUm5uEfukeg7Ho3fLSOzr-Bgog"}
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "identifier": {
    "type": "dns",
    "value": "simon4d.bel.com"
  },
  "status": "deactivated",
  "expires": "2026-04-22T09:37:44Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688496686601/Zu-vXQ",
      "status": "invalid",
      "validated": "2026-04-15T09:38:15Z",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.simon4d.bel.com - check that a DNS record exists for this domain",
        "status": 400
      },
      "token": "xrkKX5gmM8curZnv29ZHJrELUDZlfRfGcnOyHRzHiYs"
    }
  ]
}
 [VERB] Order 1/1 (Main): error Validation failed
 [VERB] Processing order 1/1: Main
 [EROR] Renewal for [Manual] simon4d.bel.com failed, will retry on next run
 [EROR] Validation failed
 [EROR] No certificate generated

Can anyone shed some light on what might have changed on its own since the last automatic renewal?

OK, so I didn't change anything, but it started working after a bunch of retries.

Here's the output from the final renewal:

 [VERB] Autofac: creating Execution scope with parent wacs
 [VERB] Autofac: creating PluginBackend<ITargetPlugin> scope with parent Execution
 [INFO] Plugin Manual generated source simon4d.bel.com with 1 identifiers
 [VERB] Autofac: creating Split scope with parent PluginBackend<ITargetPlugin>
 [VERB] Autofac: creating PluginBackend<IOrderPlugin> scope with parent Split
 [INFO] Plugin Single created 1 order
 [INFO] Force renewing [Manual] simon4d.bel.com
 [VERB] Autofac: creating Order scope with parent PluginBackend<ITargetPlugin>
 [VERB] Autofac: creating PluginBackend<ICsrPlugin> scope with parent order-main
 [DBUG] Previous certificate found at C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates\m_-Y7hYwYEeYI1FZlFqYSg-main-80c2c1c8320cc7e4bc562ff4195dc24b288be2cd-temp.pfx
 [DBUG] Reading certificate cache
 [DBUG] [HTTP] Send GET to https://acme-v02.api.letsencrypt.org/acme/renewal-info/ALUp8i2ObzHom0yteD763OkM0dI.BeS1whxxGRvqsaLMWGbmoQc2
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "suggestedWindow": {
    "start": "2026-04-19T10:47:25Z",
    "end": "2026-04-21T05:58:15Z"
  }
}
 [VERB] Order Main should run (forced)
 [VERB] Obtain order details for Main
 [WARN] Cached order available but not used with --nocache option.
 [DBUG] Deactivating pre-existing authorization
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/authz/975039246/688504701641
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6Lzk3NTAzOTI0Ni82ODg1MDQ3MDE2NDEiLCJub25jZSI6ImFGNXBTUWxIdV9PZHJxNFVpaEFuT0k2ZHBPMENjbFZfQW9mVzlWbUx0SXZ3VkVidXcxOCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTc1MDM5MjQ2In0","payload":"eyJzdGF0dXMiOiJkZWFjdGl2YXRlZCJ9","signature":"0Nulnjnht-CIUmJshKeMyMsGvr6zowl6BLRHT_4BkXbwBkYez525aElofETQSW48EB17zI1mWsgvPXYxIKBb7Q"}
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "identifier": {
    "type": "dns",
    "value": "simon4d.bel.com"
  },
  "status": "deactivated",
  "expires": "2026-04-22T10:01:51Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688504701641/Nar01g",
      "status": "invalid",
      "validated": "2026-04-15T10:02:22Z",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.simon4d.bel.com - check that a DNS record exists for this domain",
        "status": 400
      },
      "token": "qRaYgvsjK1Ibt1Zoef2njTcol-70xn-aH7wrk3S9It0"
    }
  ]
}
 [DBUG] Deleted C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Orders\d79c060dc5ca26c504156dfa85e595525fcc175d.order.json
 [VERB] Creating order for identifiers: ["simon4d.bel.com"] (notAfter: null, previous: 1BE5728405D273C83A6C5BD9E92BA5816A3D955D)
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/new-order
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsIm5vbmNlIjoid04wV1hDcnhIODFHazZFSHc2cm4wZkhqTlRucEE1VFNoVGhyZ0wzWkdZNWtTSEVTZk84Iiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85NzUwMzkyNDYifQ","payload":"eyJpZGVudGlmaWVycyI6W3sidHlwZSI6ImRucyIsInZhbHVlIjoic2ltb240ZC5iZWwuY29tIn1dLCJyZXBsYWNlcyI6IkFMVXA4aTJPYnpIb20weXRlRDc2M09rTTBkSS5CZVMxd2h4eEdSdnFzYUxNV0dibW9RYzIifQ","signature":"hsENjKlrtHCK3liVkUlfxSdXaRa6XCkJsgMb1CUsMRyZfc1V3rWj2PVkIvoHlmyapGSNBihPoN4JDkhC8cqUGA"}
 [VERB] [HTTP] Request completed with status Created
 [VERB] [HTTP] Response content: {
  "status": "pending",
  "expires": "2026-04-22T10:04:29Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "simon4d.bel.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/975039246/688505671211"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/975039246/500913540681",
  "replaces": "ALUp8i2ObzHom0yteD763OkM0dI.BeS1whxxGRvqsaLMWGbmoQc2"
}
 [VERB] Order https://acme-v02.api.letsencrypt.org/acme/order/975039246/500913540681 created
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/authz/975039246/688505671211
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6Lzk3NTAzOTI0Ni82ODg1MDU2NzEyMTEiLCJub25jZSI6Im5rcTNra3NaN190WTRaOE02OGtuX3kwTWhJWnk0Yk9SSEk3SGRDQl81aWo1WFFwTkQ1cyIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTc1MDM5MjQ2In0","payload":"","signature":"KL07L8OGcyxjUH5CGJl1_xlibh3WIewGIoHeNuSeARfujgFosr4StM-Ua1DbKhSiS4LaJlvGAKWAHDWxbY_x7Q"}
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "identifier": {
    "type": "dns",
    "value": "simon4d.bel.com"
  },
  "status": "pending",
  "expires": "2026-04-22T10:04:29Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688505671211/tfBT3g",
      "status": "pending",
      "token": "DNdXMJEJGXsTN0koFw9yi8-28NX0qegdiBmaCpR08Yg"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688505671211/0ac4pw",
      "status": "pending",
      "token": "DNdXMJEJGXsTN0koFw9yi8-28NX0qegdiBmaCpR08Yg"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688505671211/57-Ong",
      "status": "pending",
      "token": "DNdXMJEJGXsTN0koFw9yi8-28NX0qegdiBmaCpR08Yg"
    }
  ]
}
 [VERB] Autofac: creating Target scope with parent PluginBackend<ICsrPlugin>
 [VERB] Autofac: creating PluginFrontend<ValidationPluginOptions> scope with parent target
 [VERB] No W3SVC detected
 [VERB] No FTPSVC detected
 [VERB] Autofac: creating PluginBackend<IValidationPlugin> scope with parent PluginBackend<ICsrPlugin>
 [VERB] Handle authorization 1/1
 [VERB] Autofac: creating PluginBackend<IValidationPlugin> scope with parent PluginBackend<ICsrPlugin>
 [INFO] [simon4d.bel.com] Authorizing...
 [VERB] [simon4d.bel.com] Initial authorization status: pending
 [VERB] [simon4d.bel.com] Challenge types available: ["dns-01", "tls-alpn-01", "http-01"]
 [VERB] [simon4d.bel.com] Initial challenge status: pending
 [INFO] [simon4d.bel.com] Authorizing using dns-01 validation (Dreamhost)
 [DBUG] [simon4d.bel.com] Attempting to create DNS record under _acme-challenge.simon4d.bel.com...
 [INFO] Dreamhost Responded with: {"result":"success","data":"record_added"}
 [INFO] Waiting for 30 seconds
 [INFO] [simon4d.bel.com] Record ndUEp5PUej1SFFGcsLYgU7SdDthuRgPfm0iVPd8nV6I successfully created
 [VERB] Starting commit stage
 [VERB] Commit was succesful
 [DBUG] [simon4d.bel.com] Submitting challenge answer
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688505671211/tfBT3g
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzk3NTAzOTI0Ni82ODg1MDU2NzEyMTEvdGZCVDNnIiwibm9uY2UiOiJua3Eza2tzWmttZ1hGUnVYZG5xYzhKZVc5RkRScEFaY3l5SjkwN2wtekRHNEh5cXMtTk0iLCJraWQiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzk3NTAzOTI0NiJ9","payload":"e30","signature":"Se4uOWqU4dq6XnfVWh_E5zF2PPN6-K6qOVWj9ciJ62e91o0KkEKRpwVcuni-cbx7quQsdeH2RN7kXdGy3BmmKA"}
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "type": "dns-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688505671211/tfBT3g",
  "status": "pending",
  "token": "DNdXMJEJGXsTN0koFw9yi8-28NX0qegdiBmaCpR08Yg"
}
 [DBUG] Refreshing authorization (1/15)
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688505671211/tfBT3g
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLzk3NTAzOTI0Ni82ODg1MDU2NzEyMTEvdGZCVDNnIiwibm9uY2UiOiJ3TjBXWENyeFZ4T1RFVkxwbTBRU1RFN0Vwbi1Xdi1MWkJab2JRRXNJRTliNVlWMkdMVkEiLCJraWQiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzk3NTAzOTI0NiJ9","payload":"","signature":"g3-L-d4LaByL52pCaGe0S7siBGCYfJ_Jgwe-O4ftUXany-gBifTzPU3eZKJNV25YegEsdBI4UVO2T5OVO1QwOg"}
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "type": "dns-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/975039246/688505671211/tfBT3g",
  "status": "valid",
  "validated": "2026-04-15T10:05:00Z",
  "token": "DNdXMJEJGXsTN0koFw9yi8-28NX0qegdiBmaCpR08Yg",
  "validationRecord": [
    {
      "hostname": "simon4d.bel.com",
      "addressUsed": ""
    }
  ]
}
 [INFO] [simon4d.bel.com] Authorization result: valid
 [VERB] Starting post-validation cleanup
 [INFO] Dreamhost Responded with: {"result":"success","data":"record_removed"}
 [INFO] Waiting for 30 seconds
 [INFO] [simon4d.bel.com] Record ndUEp5PUej1SFFGcsLYgU7SdDthuRgPfm0iVPd8nV6I deleted
 [DBUG] DNS record cleanup finalized
 [VERB] Post-validation cleanup was successful
 [VERB] Order 1/1 (Main): processing...
 [DBUG] Creating new private key at C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Orders\d79c060dc5ca26c504156dfa85e595525fcc175d.order.keys...
 [VERB] Generating private key using 3072 key bits
 [DBUG] CSR stored at m_-Y7hYwYEeYI1FZlFqYSg-main-80c2c1c8320cc7e4bc562ff4195dc24b288be2cd-csr.pem in certificate cache folder C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates
 [VERB] Submitting CSR
 [DBUG] Waiting for order to get ready (1/15)
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/order/975039246/500913540681
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL29yZGVyLzk3NTAzOTI0Ni81MDA5MTM1NDA2ODEiLCJub25jZSI6Im5rcTNra3NaS1o2Y1RHelFHNUExU3I3NTVkWHQ3UnNkcU1nOHVkNnhaeTdncGFHLWVPMCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTc1MDM5MjQ2In0","payload":"","signature":"DAuxrsfVK2O8NBO9vlo_og2FRj2MAwybuBvIMDh6rVeMk6R0phnSHpZcGOOIvDX15repcIyzOH7edRT91MRAqA"}
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "status": "ready",
  "expires": "2026-04-22T10:04:29Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "simon4d.bel.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/975039246/688505671211"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/975039246/500913540681",
  "replaces": "ALUp8i2ObzHom0yteD763OkM0dI.BeS1whxxGRvqsaLMWGbmoQc2"
}
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/finalize/975039246/500913540681
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2ZpbmFsaXplLzk3NTAzOTI0Ni81MDA5MTM1NDA2ODEiLCJub25jZSI6Im5rcTNra3NaaFc5emUxOGJmODdFSnN2QnJmeFdGS2h3NEFmYzMzM2VvZVcxM3ZzS2ZqNCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvOTc1MDM5MjQ2In0","payload":"eyJjc3IiOiJNSUlEakRDQ0FmUUNBUUF3R2pFWU1CWUdBMVVFQXd3UGMybHRiMjQwWkM1aVpXd3VZMjl0TUlJQm9qQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FZOEFNSUlCaWdLQ0FZRUFnTkRIblF5VHhDak9tbDRmUGNVbnJDUzgxZHdRbUpCODh2V1gzN040eC1MM21pSmhUMmlzRzd2OGNuVjc4VzVLZ2Q0Z3RHN21XRnBjRTZsZExZc3RyLVkzZnRTc1ZTaHhCQ2s3Q2MzLXVUeFBweWp0RE4wTHJmclRUZ01jTkxhRXpOcU11a01CVFMyYU1JTkk1M3JUTW91SmQtTzFMMUJJamJtTGxhQUJoXzJXTEtSTkl5WWpnYUl4TkR1N045S3ctWm1VWDljQlowV3NjSzJIZlJXeU5XZFFPMXBEamtFZmt6dGxFUkNXbk5DVmhhWUVvbnpIMGsyX3N4T0ZGZ1VpbFVqOURuWmVtb1prSEI2THo4VmhoRXFTT2VOQ2g0NG1lbmhNby1QTmhSSWsyX0plb0V1Z2ZaVURiV242QXJRTHdOZDNaT21FVDhtcXU5am1sWW9tRTNXYktNUVRyR3V2SWhmT1BSVnlZSHVKblk5Z1EtQWVTSWdsVEdvQm1YcGEzcV9FTFhQS093U19HN2ZVemlIZ0E1OHJzMTRHbmd3QmMxeGNkLVdzYXpuTGU1VVFhcXMzamJmbWdQMFFHQ19XTFJ3UWkzV1JTWFhiWGk1bXh6ejB6cUhQaG1TSEQxRC1lNjNBd1VKN0VUekQxRWV1Y3o2NFBRME90MDZWRXBYbkFnTUJBQUdnTFRBckJna3Foa2lHOXcwQkNRNHhIakFjTUJvR0ExVWRFUVFUTUJHQ0QzTnBiVzl1TkdRdVltVnNMbU52YlRBTkJna3Foa2lHOXcwQkFRMEZBQU9DQVlFQVZhWVhwNi1IUUlYbFROMEhZT0w3VnlDVjBQbnAxTG16bVFhejZBZk1zU2QyMDg2SUIxRm5oMDQzSmhaQjMzNHY0Z1NwRllDeWNpVm0xU1dUZnhTNUFuYjhRRzAtWUdvYnZPYmg3TnRjbnJ5QWx5SEZaZVJ4R083MWszLTFDZFd0T3RCTG56U0JfQWFzRHhsaWNfOTVUMWNMRnYtVThvdUl3VUZ2Z0N1c2VUTk1RODU0blMzZm5ybmZTM0IyRXBRLTI2bjk3ZHFFNHJGOVdQM3doZmRPSy1HMEY2X1RUZXZEOHlxcXp3NldzSXBvLXJZc1c3Nkw4RW96QjZ1dFhYZF9ySm1uUHhNSkRmVHlaZC1Fd2pHdWJ0R2VrX08wdVpmTFlLUVRRb3U0WW1nMzZjRE4tWVRhUnFiRDN3Sy1DZ1gzU3ZjUmVaMGFiQ0tWUklmcFVEdWtCSlZPOW1NOXNERURYN2U1ajJCYWFuQlFza0p1ZFNtZEQ5dUxaVHNTMzhfOEhhcDZqRzVveV9ycklmRS00UHJxQWRmQ3hyaHZqYUQ4S3MtY2NoN0JoWXpENmRkeVQ3QkdWMFdHbnNWeGZXWUVTT1hCYkJ4dVNtVGxhaGlDcWlVMmRuTm8yUDhFcHZqbHd4LVlnM2c3N1E0aDB2VnpoSFN1d19uSzlCWlQ3LUZIIn0","sign
ature":"rdrkrBqPXIqA9ZMEeGcEi6MUOmcS-yuKWePZmJoSPKb3d_vrq7NSP8CTQkcZn0BsS8ETwuAkULHTTLSE0aJTWg"}
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "status": "valid",
  "expires": "2026-04-22T10:04:29Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "simon4d.bel.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/975039246/688505671211"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/975039246/500913540681",
  "certificate": "https://acme-v02.api.letsencrypt.org/acme/cert/0539c939d9fef0713fedc9832d5b9ebc8575",
  "replaces": "ALUp8i2ObzHom0yteD763OkM0dI.BeS1whxxGRvqsaLMWGbmoQc2"
}
 [INFO] Downloading certificate [Manual] simon4d.bel.com
 [DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/cert/0539c939d9fef0713fedc9832d5b9ebc8575
 [VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NlcnQvMDUzOWM5MzlkOWZlZjA3MTNmZWRjOTgzMmQ1YjllYmM4NTc1Iiwibm9uY2UiOiJua3Eza2tzWnJfS1BLbk96ZXVJRkU5amI2Y20zUG94VW40aGJFQ0lSOTNjTXh1NzI5MGMiLCJraWQiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzk3NTAzOTI0NiJ9","payload":"","signature":"LkJKfiBHsWF_P-GZpORUoiVELSgJtXS-qla_6gM12G4F8Zc033lVaIzidpIBuaEoW9AWyxkQXlpJL6JXDtzQ2g"}
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response of type application/pem-certificate-chain (3762 bytes)
 [VERB] Parsing PEM data at range 0..1959
 [VERB] Certificate simon4d.bel.com parsed
 [VERB] Parsing PEM data at range 1961..3761
 [VERB] Certificate R13 parsed
 [VERB] Parsing PEM data at range 0..1959
 [VERB] Certificate simon4d.bel.com parsed
 [VERB] Associating private key
 [VERB] Parsing PEM data at range 1961..3761
 [VERB] Certificate R13 parsed
 [DBUG] Certificate written to cache file m_-Y7hYwYEeYI1FZlFqYSg-main-80c2c1c8320cc7e4bc562ff4195dc24b288be2cd-temp.pfx in certificate cache folder C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates. It will be reused when renewing within 1 day(s) as long as the --source and --csr parameters remain the same and the --force switch is not used.
 [VERB] Processing order 1/1: Main
 [VERB] Autofac: creating PluginBackend<IStorePlugin> scope with parent PluginBackend<ICsrPlugin>
 [DBUG] Using .pem files path: C:\win-acme
 [INFO] Store with PemFiles...
 [INFO] Exporting .pem files to C:\win-acme
 [DBUG] [HTTP] Send GET to https://acme-v02.api.letsencrypt.org/acme/renewal-info/56ufDywzoFPTXk94yLKEDjvWkjM.BTnJOdn-8HE_7cmDLVuevIV1
 [VERB] [HTTP] Request completed with status OK
 [VERB] [HTTP] Response content: {
  "suggestedWindow": {
    "start": "2026-06-13T11:51:16Z",
    "end": "2026-06-15T07:02:05Z"
  }
}
 [INFO] Next renewal due after 2026/6/9 10:04:28
 [INFO] Renewal for [Manual] simon4d.bel.com succeeded
 [INFO] Sending e-mail with subject Certificate renewal [Manual] simon4d.bel.com completed

DNS challenges intermittently working is usually a sign that more time needs to be allowed for your authoritative DNS nameservers to sync with each other, otherwise Let's Encrypt may check one and get the wrong answer, even though the DNS update has been performed.

Yeah it's just crazy that it suddenly failed, and continued to fail until after about the 10th manual retry.

This may have something to do with the failures/delays:

nslookup -q=ns simon4d.bel.com
simon4d.bel.com canonical name = simonbel.no-ip.org

Yeah as I said it's a CNAME for ddns purposes. However, that IP and lookup was correct the entire time. The IP never really changes.

The IP is not relevant when doing DNS authentication.

No, disappointing maybe but you can raise a support ticket with your DNS host to resolve that. Their nameserver synchronization is slower than usual, something is under load or needs a reboot. Happens with various DNS hosts all the time, every day. Some DNS hosts take up to 15 minutes to sync(!), some take 30 seconds, depends on their internal architecture.

If it's a persistent problem and you can't change an app setting to allow more time you should change DNS hosting.
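The replies above come down to one check: the TXT record must be served by every authoritative nameserver before the CA is asked to validate. The following is an added example, not part of the original thread and not win-acme code, of a propagation gate that polls each nameserver and only reports success after several consecutive all-green rounds. The `lookup` callback is an assumption (a caller-supplied function that queries one nameserver, for instance a wrapper around a DNS library), and the TXT value and per-nameserver delays are constructed; the nameserver IPs and record name are the ones shown in the logs.

```python
"""Propagation gate for an ACME dns-01 TXT record (added example)."""
import time

# lookup(nameserver_ip, fqdn) must return a set of TXT strings,
# or None when the nameserver answers NXDOMAIN. It is caller-supplied.


def poll_once(fqdn, expected, nameservers, lookup):
    """Query every nameserver once and classify each answer."""
    states = {}
    for ns in nameservers:
        try:
            answer = lookup(ns, fqdn)
        except Exception:
            states[ns] = "error"        # timeout, refused, etc.
            continue
        if answer is None:
            states[ns] = "nxdomain"     # record not visible on this server yet
        elif expected in answer:
            states[ns] = "ok"
        else:
            states[ns] = "missing"      # name exists but value is stale/other
    return states


def wait_for_propagation(fqdn, expected, nameservers, lookup, *,
                         interval=30, max_wait=900, stable_rounds=2,
                         sleep=time.sleep):
    """Block until all nameservers serve `expected` for `stable_rounds`
    consecutive polls, or until `max_wait` seconds have been spent waiting.

    Returns (ok, seconds_waited, history) where history holds the
    per-nameserver states of every poll, useful for a support ticket.
    """
    waited, streak, history = 0, 0, []
    while True:
        states = poll_once(fqdn, expected, nameservers, lookup)
        history.append(states)
        if all(s == "ok" for s in states.values()):
            streak += 1
            if streak >= stable_rounds:
                return True, waited, history
        else:
            streak = 0                  # one lagging server resets the count
        if waited + interval > max_wait:
            return False, waited, history
        sleep(interval)
        waited += interval


# --- Constructed simulation so the example runs offline -------------------
RECORD = "_acme-challenge.simon4d.bel.com"
TXT_VALUE = "constructed-txt-value"     # placeholder, not a real challenge
# Seconds after the API call at which each nameserver starts serving the
# record. The IPs are from the thread's log; the delays are constructed.
VISIBLE_AFTER = {
    "162.159.26.81": 0,
    "162.159.26.14": 45,
    "162.159.27.84": 130,
}


def make_simulation(visible_after):
    """Return (lookup, sleep) sharing a fake clock instead of real time."""
    clock = {"now": 0}

    def lookup(ns, fqdn):
        if clock["now"] >= visible_after[ns]:
            return {TXT_VALUE}
        return None                     # behaves like NXDOMAIN until synced

    def sleep(seconds):
        clock["now"] += seconds

    return lookup, sleep


def run_simulation(**kwargs):
    lookup, sleep = make_simulation(VISIBLE_AFTER)
    return wait_for_propagation(RECORD, TXT_VALUE, list(VISIBLE_AFTER),
                                lookup, sleep=sleep, **kwargs)


if __name__ == "__main__":
    ok, waited, history = run_simulation()
    print("propagated:", ok, "after", waited, "seconds")
    for i, states in enumerate(history):
        print(f"poll {i}: {states}")
    # A single fixed 30-second wait, as in the logs, is too short here:
    print("fixed 30s wait:", run_simulation(max_wait=30, stable_rounds=1)[0])
```

In the simulation the slowest nameserver lags by 130 seconds, so a single 30-second wait ends while two of the three servers still answer NXDOMAIN, and the gate only passes once every server has agreed twice in a row.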