Adding TXT record error with DuckDNS for raspberry pi

[NovaViper]

I can't seem to make acme.sh v2.8.6 (i've ran acme.sh --upgrade and it gave me that version) issue a certificate on my raspberry pi 3B+, it throws an error immediately saying while trying to add the TXT record,

[Fri 15 May 15:33:14 BST 2020] Errors happened during adding the TXT record, response=KO
[Fri 15 May 15:33:14 BST 2020] Error add txt for domain:_acme-challenge.novaender.duckdns.org
[Fri 15 May 15:33:14 BST 2020] Please check log file for more details: /root/.acme.sh/acme.sh.log

Steps to reproduce

1. Install acme.sh as per this guide
2. Add DuckDNS tokens as per the wiki guide
3. Run acme.sh --insecure --issue --dns dns_duckdns -d novaender.duckdns.org --renew-hook "cat /root/.acme.sh/novaender.duckdns.org/fullchain.cer /root/.acme.sh/novaender.duckdns.org/novaender.duckdns.org.key >/etc/ssl/snakeoil.pem && systemctl reload haproxy"

Debug log

root@novaocto:~# acme.sh --debug 2 --insecure --issue --dns dns_duckdns -d novaender.duckdns.org --renew-hook "cat /root/.acme.sh/novaender.duckdns.org/fullchain.cer /root/.acme.sh/novaender.duckdns.org/novaender.duckdns.org.key >/etc/ssl/snakeoil.pem && systemctl reload haproxy"
[Fri 15 May 15:39:32 BST 2020] _is_idn_d='novaender.duckdns.org'
[Fri 15 May 15:39:32 BST 2020] _idn_temp
[Fri 15 May 15:39:32 BST 2020] Lets find script dir.
[Fri 15 May 15:39:32 BST 2020] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri 15 May 15:39:32 BST 2020] _script='/root/.acme.sh/acme.sh'
[Fri 15 May 15:39:32 BST 2020] _script_home='/root/.acme.sh'
[Fri 15 May 15:39:32 BST 2020] Using config home:/root/.acme.sh
[Fri 15 May 15:39:32 BST 2020] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v2.8.6
[Fri 15 May 15:39:32 BST 2020] Running cmd: issue
[Fri 15 May 15:39:32 BST 2020] _main_domain='novaender.duckdns.org'
[Fri 15 May 15:39:32 BST 2020] _alt_domains='no'
[Fri 15 May 15:39:32 BST 2020] Using config home:/root/.acme.sh
[Fri 15 May 15:39:32 BST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri 15 May 15:39:32 BST 2020] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
[Fri 15 May 15:39:32 BST 2020] DOMAIN_PATH='/root/.acme.sh/novaender.duckdns.org'
[Fri 15 May 15:39:32 BST 2020] 'dns_duckdns' does not contain 'dns'
[Fri 15 May 15:39:32 BST 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri 15 May 15:39:32 BST 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri 15 May 15:39:32 BST 2020] GET
[Fri 15 May 15:39:32 BST 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Fri 15 May 15:39:32 BST 2020] timeout=
[Fri 15 May 15:39:33 BST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.IMxDyrYwdH  -g  --insecure  '
[Fri 15 May 15:39:33 BST 2020] ret='0'
[Fri 15 May 15:39:33 BST 2020] response='{
  "3GlfAFlnuTQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}'
[Fri 15 May 15:39:34 BST 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fri 15 May 15:39:34 BST 2020] ACME_NEW_AUTHZ
[Fri 15 May 15:39:34 BST 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 15 May 15:39:34 BST 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri 15 May 15:39:34 BST 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fri 15 May 15:39:34 BST 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Fri 15 May 15:39:34 BST 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri 15 May 15:39:34 BST 2020] ACME_VERSION='2'
[Fri 15 May 15:39:34 BST 2020] Le_NextRenewTime
[Fri 15 May 15:39:34 BST 2020] _on_before_issue
[Fri 15 May 15:39:34 BST 2020] _chk_main_domain='novaender.duckdns.org'
[Fri 15 May 15:39:34 BST 2020] _chk_alt_domains
[Fri 15 May 15:39:34 BST 2020] 'dns_duckdns' does not contain 'no'
[Fri 15 May 15:39:34 BST 2020] Le_LocalAddress
[Fri 15 May 15:39:34 BST 2020] d='novaender.duckdns.org'
[Fri 15 May 15:39:34 BST 2020] Check for domain='novaender.duckdns.org'
[Fri 15 May 15:39:34 BST 2020] _currentRoot='dns_duckdns'
[Fri 15 May 15:39:34 BST 2020] d
[Fri 15 May 15:39:34 BST 2020] 'dns_duckdns' does not contain 'apache'
[Fri 15 May 15:39:34 BST 2020] _saved_account_key_hash='xa3EeN8EX89a+ZZ209LvDxZHDKc0pIaj7PdNkROOTDY='
[Fri 15 May 15:39:34 BST 2020] _saved_account_key_hash is not changed, skip register account.
[Fri 15 May 15:39:34 BST 2020] Read key length:
[Fri 15 May 15:39:34 BST 2020] _createcsr
[Fri 15 May 15:39:34 BST 2020] domain='novaender.duckdns.org'
[Fri 15 May 15:39:34 BST 2020] domainlist
[Fri 15 May 15:39:34 BST 2020] csrkey='/root/.acme.sh/novaender.duckdns.org/novaender.duckdns.org.key'
[Fri 15 May 15:39:34 BST 2020] csr='/root/.acme.sh/novaender.duckdns.org/novaender.duckdns.org.csr'
[Fri 15 May 15:39:34 BST 2020] csrconf='/root/.acme.sh/novaender.duckdns.org/novaender.duckdns.org.csr.conf'
[Fri 15 May 15:39:34 BST 2020] Single domain='novaender.duckdns.org'
[Fri 15 May 15:39:34 BST 2020] _is_idn_d='novaender.duckdns.org'
[Fri 15 May 15:39:34 BST 2020] _idn_temp
[Fri 15 May 15:39:34 BST 2020] _is_idn_d='novaender.duckdns.org'
[Fri 15 May 15:39:34 BST 2020] _idn_temp
[Fri 15 May 15:39:34 BST 2020] _csr_cn='novaender.duckdns.org'
[Fri 15 May 15:39:35 BST 2020] Getting domain auth token for each domain
[Fri 15 May 15:39:35 BST 2020] _is_idn_d='novaender.duckdns.org'
[Fri 15 May 15:39:35 BST 2020] _idn_temp
[Fri 15 May 15:39:35 BST 2020] d
[Fri 15 May 15:39:35 BST 2020] _identifiers='{"type":"dns","value":"novaender.duckdns.org"}'
[Fri 15 May 15:39:35 BST 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 15 May 15:39:35 BST 2020] payload='{"identifiers": [{"type":"dns","value":"novaender.duckdns.org"}]}'
[Fri 15 May 15:39:35 BST 2020] RSA key
[Fri 15 May 15:39:35 BST 2020] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri 15 May 15:39:35 BST 2020] HEAD
[Fri 15 May 15:39:35 BST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri 15 May 15:39:35 BST 2020] body
[Fri 15 May 15:39:35 BST 2020] _postContentType='application/jose+json'
[Fri 15 May 15:39:35 BST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.tXusNWxejF  -g  --insecure   -I  '
[Fri 15 May 15:39:35 BST 2020] _ret='0'
[Fri 15 May 15:39:35 BST 2020] _headers='HTTP/2 200 
server: nginx
date: Fri, 15 May 2020 14:39:35 GMT
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0001Dfu5_S2iroXjvZsiotI9EudqncDzeoA7UsVoz8SC0y8
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Fri 15 May 15:39:35 BST 2020] _CACHED_NONCE='0001Dfu5_S2iroXjvZsiotI9EudqncDzeoA7UsVoz8SC0y8'
[Fri 15 May 15:39:35 BST 2020] nonce='0001Dfu5_S2iroXjvZsiotI9EudqncDzeoA7UsVoz8SC0y8'
[Fri 15 May 15:39:36 BST 2020] POST
[Fri 15 May 15:39:36 BST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri 15 May 15:39:36 BST 2020] body='{"protected": "eyJub25jZSI6ICIwMDAxRGZ1NV9TMmlyb1hqdlpzaW90STlFdWRxbmNEemVvQTdVc1ZvejhTQzB5OCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC84NjIwMzE1OSJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Im5vdmFlbmRlci5kdWNrZG5zLm9yZyJ9XX0", "signature": "sowbKanDN7fR7dG_oQptJvPVTHoqjh5FymLWwbsUxOkcgno1E4Yx0exDIBqbnH6SPvYnWtNpmboToTUUkD7kD9yPWN9rV1z1t2xtCtbTAoGmbEblfgJul6ERqu4wIknO_ddX-8rYru_GM0jHEyuqIrSLYhZ-hVKU7xnigM_FQ-aj8BYH7R8p8M0Z6zLZuBKJN5nHwWVLbfyxRMMF0CuUaczmok8VHBsZiVi4sx0coZzqeDCELDzPDzTx9SscuNcSDn8yT_HZClDwJMAb03vsCEVL92aeJpY8ubFgq1B6Xas7671cJUbybDmDJ4HgpqwhrAsYOznqhkxi-_BKpsr8aw"}'
[Fri 15 May 15:39:36 BST 2020] _postContentType='application/jose+json'
[Fri 15 May 15:39:36 BST 2020] Http already initialized.
[Fri 15 May 15:39:36 BST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.tXusNWxejF  -g  --insecure  '
[Fri 15 May 15:39:36 BST 2020] _ret='0'
[Fri 15 May 15:39:36 BST 2020] responseHeaders='HTTP/2 201 
server: nginx
date: Fri, 15 May 2020 14:39:36 GMT
content-type: application/json
content-length: 351
boulder-requester: 86203159
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/86203159/3375134362
replay-nonce: 0101JFZzGKECi6LuUl2aOX38nJ8TQpg9zf-lVxKNZJHEf78
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Fri 15 May 15:39:36 BST 2020] code='201'
[Fri 15 May 15:39:36 BST 2020] original='{
  "status": "pending",
  "expires": "2020-05-22T14:39:36.639681045Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "novaender.duckdns.org"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/4600758876"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/86203159/3375134362"
}'
[Fri 15 May 15:39:36 BST 2020] response='{"status":"pending","expires":"2020-05-22T14:39:36.639681045Z","identifiers":[{"type":"dns","value":"novaender.duckdns.org"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/4600758876"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/86203159/3375134362"}'
[Fri 15 May 15:39:36 BST 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/86203159/3375134362'
[Fri 15 May 15:39:36 BST 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/86203159/3375134362'
[Fri 15 May 15:39:37 BST 2020] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/4600758876'
[Fri 15 May 15:39:37 BST 2020] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/4600758876'
[Fri 15 May 15:39:37 BST 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/4600758876'
[Fri 15 May 15:39:37 BST 2020] payload
[Fri 15 May 15:39:37 BST 2020] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
[Fri 15 May 15:39:37 BST 2020] Use _CACHED_NONCE='0101JFZzGKECi6LuUl2aOX38nJ8TQpg9zf-lVxKNZJHEf78'
[Fri 15 May 15:39:37 BST 2020] nonce='0101JFZzGKECi6LuUl2aOX38nJ8TQpg9zf-lVxKNZJHEf78'
[Fri 15 May 15:39:37 BST 2020] POST
[Fri 15 May 15:39:37 BST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/4600758876'
[Fri 15 May 15:39:37 BST 2020] body='{"protected": "eyJub25jZSI6ICIwMTAxSkZaekdLRUNpNkx1VWwyYU9YMzhuSjhUUXBnOXpmLWxWeEtOWkpIRWY3OCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNDYwMDc1ODg3NiIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODYyMDMxNTkifQ", "payload": "", "signature": "3Fydlbl51fx0M8V5eMkhF337TezZ2b-3HlIUny3j8VaQiJsy0z-IQdr9p4eEjM-ZTNwI2XwKr4--5FRthgSvszF_vRE-pM0nyQuKFTqbyRjxvQbvMF44QIR4vj71BI_xJbZjwo5RkRUkj_KkKXgJ0yqcZJlTWc76MjCbrQOoox_d3BUguIpvbd7RHxmO7QxlVrJljUqULxgkDs9xv0BG5X5T--Bddygt8wzdIuFXv3JAAwDce4rMXvEelf8OiLc_sgZ7ptyZVyuPALkKIuJ27mNOxwmM6Ov1YaFamP5voyOjHkm_fkSs6nAd9gkyuycGkLx_JLd9UwXw0oIThxpevA"}'
[Fri 15 May 15:39:37 BST 2020] _postContentType='application/jose+json'
[Fri 15 May 15:39:37 BST 2020] Http already initialized.
[Fri 15 May 15:39:37 BST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.tXusNWxejF  -g  --insecure  '
[Fri 15 May 15:39:37 BST 2020] _ret='0'
[Fri 15 May 15:39:37 BST 2020] responseHeaders='HTTP/2 200 
server: nginx
date: Fri, 15 May 2020 14:39:37 GMT
content-type: application/json
content-length: 799
boulder-requester: 86203159
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0002qC9N0JG5rt7cO0WoRYBhRb4WrE4U6y5C3Sg1vJkvTWA
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Fri 15 May 15:39:37 BST 2020] code='200'
[Fri 15 May 15:39:37 BST 2020] original='{
  "identifier": {
    "type": "dns",
    "value": "novaender.duckdns.org"
  },
  "status": "pending",
  "expires": "2020-05-22T14:39:36Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/6ng9Ow",
      "token": "aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw",
      "token": "aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/2BDYKw",
      "token": "aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"
    }
  ]
}'
[Fri 15 May 15:39:37 BST 2020] response='{"identifier":{"type":"dns","value":"novaender.duckdns.org"},"status":"pending","expires":"2020-05-22T14:39:36Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/6ng9Ow","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/2BDYKw","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"}]}'
[Fri 15 May 15:39:38 BST 2020] response='{"identifier":{"type":"dns","value":"novaender.duckdns.org"},"status":"pending","expires":"2020-05-22T14:39:36Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/6ng9Ow","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/2BDYKw","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"}]}'
[Fri 15 May 15:39:38 BST 2020] _d='novaender.duckdns.org'
[Fri 15 May 15:39:38 BST 2020] _authorizations_map='novaender.duckdns.org,{"identifier":{"type":"dns","value":"novaender.duckdns.org"},"status":"pending","expires":"2020-05-22T14:39:36Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/6ng9Ow","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/2BDYKw","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"}]}
'
[Fri 15 May 15:39:38 BST 2020] d='novaender.duckdns.org'
[Fri 15 May 15:39:38 BST 2020] Getting webroot for domain='novaender.duckdns.org'
[Fri 15 May 15:39:38 BST 2020] _w='dns_duckdns'
[Fri 15 May 15:39:38 BST 2020] _currentRoot='dns_duckdns'
[Fri 15 May 15:39:38 BST 2020] _is_idn_d='novaender.duckdns.org'
[Fri 15 May 15:39:38 BST 2020] _idn_temp
[Fri 15 May 15:39:38 BST 2020] _candindates='novaender.duckdns.org,{"identifier":{"type":"dns","value":"novaender.duckdns.org"},"status":"pending","expires":"2020-05-22T14:39:36Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/6ng9Ow","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/2BDYKw","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"}]}'
[Fri 15 May 15:39:38 BST 2020] response='{"identifier":{"type":"dns","value":"novaender.duckdns.org"},"status":"pending","expires":"2020-05-22T14:39:36Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/6ng9Ow","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/2BDYKw","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"}]}'
[Fri 15 May 15:39:38 BST 2020] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"'
[Fri 15 May 15:39:38 BST 2020] token='aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc'
[Fri 15 May 15:39:38 BST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw'
[Fri 15 May 15:39:38 BST 2020] keyauthorization='aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc.ebnnksaRqlpSuvffOPD_ut5LbN8bOYqBHFe271zWz4o'
[Fri 15 May 15:39:38 BST 2020] dvlist='novaender.duckdns.org#aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc.ebnnksaRqlpSuvffOPD_ut5LbN8bOYqBHFe271zWz4o#https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw#dns-01#dns_duckdns'
[Fri 15 May 15:39:38 BST 2020] d
[Fri 15 May 15:39:38 BST 2020] vlist='novaender.duckdns.org#aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc.ebnnksaRqlpSuvffOPD_ut5LbN8bOYqBHFe271zWz4o#https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw#dns-01#dns_duckdns,'
[Fri 15 May 15:39:38 BST 2020] d='novaender.duckdns.org'
[Fri 15 May 15:39:38 BST 2020] _d_alias
[Fri 15 May 15:39:38 BST 2020] txtdomain='_acme-challenge.novaender.duckdns.org'
[Fri 15 May 15:39:38 BST 2020] txt='jsMHeR0RM8yo6dhwJS4q6N40GJRzpQ_kg8Sh7KbTWVM'
[Fri 15 May 15:39:38 BST 2020] d_api='/root/.acme.sh/dnsapi/dns_duckdns.sh'
[Fri 15 May 15:39:38 BST 2020] dns_entry='novaender.duckdns.org,_acme-challenge.novaender.duckdns.org,,dns_duckdns,jsMHeR0RM8yo6dhwJS4q6N40GJRzpQ_kg8Sh7KbTWVM,/root/.acme.sh/dnsapi/dns_duckdns.sh'
[Fri 15 May 15:39:38 BST 2020] Found domain api file: /root/.acme.sh/dnsapi/dns_duckdns.sh
[Fri 15 May 15:39:38 BST 2020] Adding txt value: jsMHeR0RM8yo6dhwJS4q6N40GJRzpQ_kg8Sh7KbTWVM for domain:  _acme-challenge.novaender.duckdns.org
[Fri 15 May 15:39:38 BST 2020] Trying to add TXT record
[Fri 15 May 15:39:38 BST 2020] param='domains=novaender&token=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee&txt=jsMHeR0RM8yo6dhwJS4q6N40GJRzpQ_kg8Sh7KbTWVM'
[Fri 15 May 15:39:38 BST 2020] url='https://www.duckdns.org/update?domains=novaender&token=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee&txt=jsMHeR0RM8yo6dhwJS4q6N40GJRzpQ_kg8Sh7KbTWVM'
[Fri 15 May 15:39:38 BST 2020] GET
[Fri 15 May 15:39:38 BST 2020] url='https://www.duckdns.org/update?domains=novaender&token=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee&txt=jsMHeR0RM8yo6dhwJS4q6N40GJRzpQ_kg8Sh7KbTWVM'
[Fri 15 May 15:39:38 BST 2020] timeout=
[Fri 15 May 15:39:38 BST 2020] Http already initialized.
[Fri 15 May 15:39:38 BST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.tXusNWxejF  -g  --insecure  '
[Fri 15 May 15:39:39 BST 2020] ret='0'
[Fri 15 May 15:39:39 BST 2020] response='KO'
[Fri 15 May 15:39:39 BST 2020] Errors happened during adding the TXT record, response=KO
[Fri 15 May 15:39:39 BST 2020] Error add txt for domain:_acme-challenge.novaender.duckdns.org
[Fri 15 May 15:39:39 BST 2020] _on_issue_err
[Fri 15 May 15:39:39 BST 2020] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Fri 15 May 15:39:39 BST 2020] _chk_vlist='novaender.duckdns.org#aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc.ebnnksaRqlpSuvffOPD_ut5LbN8bOYqBHFe271zWz4o#https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw#dns-01#dns_duckdns,'
[Fri 15 May 15:39:39 BST 2020] start to deactivate authz
[Fri 15 May 15:39:39 BST 2020] Trigger domain validation.
[Fri 15 May 15:39:39 BST 2020] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw'
[Fri 15 May 15:39:39 BST 2020] _t_key_authz='aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc.ebnnksaRqlpSuvffOPD_ut5LbN8bOYqBHFe271zWz4o'
[Fri 15 May 15:39:39 BST 2020] _t_vtype
[Fri 15 May 15:39:39 BST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw'
[Fri 15 May 15:39:39 BST 2020] payload='{}'
[Fri 15 May 15:39:39 BST 2020] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
[Fri 15 May 15:39:39 BST 2020] Use _CACHED_NONCE='0002qC9N0JG5rt7cO0WoRYBhRb4WrE4U6y5C3Sg1vJkvTWA'
[Fri 15 May 15:39:39 BST 2020] nonce='0002qC9N0JG5rt7cO0WoRYBhRb4WrE4U6y5C3Sg1vJkvTWA'
[Fri 15 May 15:39:40 BST 2020] POST
[Fri 15 May 15:39:40 BST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw'
[Fri 15 May 15:39:40 BST 2020] body='{"protected": "eyJub25jZSI6ICIwMDAycUM5TjBKRzVydDdjTzBXb1JZQmhSYjRXckU0VTZ5NUMzU2cxdkprdlRXQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvNDYwMDc1ODg3Ni9CUU5XTHciLCAiYWxnIjogIlJTMjU2IiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzg2MjAzMTU5In0", "payload": "e30", "signature": "2R68s_PoDyOnBunIOBir9ffib58l67mHW1cbPQtjjU_2TmE0NDBP7FMnbjoVn2R85PxvyBjsuR88oiqQ4iuN0Pl3pZt8-ZUi2PPEBUnPwtk9GMNuHGS1g-tyqDBa8jrj6yVQ4y59KJAdBliljtUdaYBWoywGDTtFXTjINmg8-1M4IuYZZuS2WE3Gzk1NALihCd90DKANcd_t1ono5S_lR3sztQ4GWTHQBzpiioH2DcFt6l4nqlNbhmKdQOvC3_DyL1n-ESIFJtZQpFsHn2W3z4djR6RbKPfOqfXqkMk6PXGqE-DE3gI5s0ywEh99KzMwtQGG_7UnwIpb1DsnYB4m6Q"}'
[Fri 15 May 15:39:40 BST 2020] _postContentType='application/jose+json'
[Fri 15 May 15:39:40 BST 2020] Http already initialized.
[Fri 15 May 15:39:40 BST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.tXusNWxejF  -g  --insecure  '
[Fri 15 May 15:39:40 BST 2020] _ret='0'
[Fri 15 May 15:39:40 BST 2020] responseHeaders='HTTP/2 200 
server: nginx
date: Fri, 15 May 2020 14:39:40 GMT
content-type: application/json
content-length: 184
boulder-requester: 86203159
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/4600758876>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw
replay-nonce: 0101Sx9GlAT0r9y3-f7OCgCV4AXMGN7jhc81W49IVUXXQu0
x-frame-options: DENY
strict-transport-security: max-age=604800
'
[Fri 15 May 15:39:40 BST 2020] code='200'
[Fri 15 May 15:39:40 BST 2020] original='{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw",
  "token": "aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"
}'
[Fri 15 May 15:39:40 BST 2020] response='{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4600758876/BQNWLw","token":"aLAYBzw6EktuS17YqGsfF3YVVgnATnWI2TKZHc9ZfSc"}'
[Fri 15 May 15:39:40 BST 2020] socat doesn't exists.
[Fri 15 May 15:39:40 BST 2020] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.1d  10 Sep 2019
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
[Fri 15 May 15:39:40 BST 2020] pid
[Fri 15 May 15:39:40 BST 2020] No need to restore nginx, skip.
[Fri 15 May 15:39:40 BST 2020] _clearupdns
[Fri 15 May 15:39:40 BST 2020] dns_entries
[Fri 15 May 15:39:40 BST 2020] skip dns.

[auto-comment[bot]]

If this is a bug report, please upgrade to the latest code and try again: 如果有 bug, 请先更新到最新版试试: acme.sh --upgrade please also provide the log with --debug 2. 同时请提供调试输出 --debug 2 see: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh Without --debug 2 log, your issue will NEVER get replied. 没有调试输出, 你的 issue 不会得到任何解答.

[TheOnlyMunk]

Same issue - also duckdns

[jwcasl]

Same issue - also duckdns

I just had the exact same issue with DuckDNS. Acme.sh has worked brilliantly for years to issue and renew certificates through its dnsapi for DuckDNS, but now I get the same error in adding TXT record and can't renew or issue new certificates. My level 2 debug log looks exactly like the one above other than different domain. Thanks for looking into this.

[Neilpang]

I just tried my duckdns, it works as expected.

please check your duckdns token.

I also added more dubug info. please upgrade to the latest dev branch and try again.

acme.sh --upgrade -b dev

acme.sh --issue -d ......   --debug 2

[sjostrand]

I'm having the same issue, it seems like duckdns doesn't allow creation/updates of subdomains anymore https://www.duckdns.org/update?domains=_acme-challenge.mydomain.duckdns.org&token=myToken&txt=aValue&verbose=true

only return: KO

while: https://www.duckdns.org/update?domains=mydomain.duckdns.org&token=myToken&txt=aValue&verbose=true returns:

OK
aValue
UPDATED

After playing a bit with their API. I found that if you set a TXT-value to mydomain.duckdns.org. What ever subdomain.mydomain.duckdns.org you ask for you get that value. IE: if a do a GET against: https://www.duckdns.org/update?domains=mydomain.duckdns.org&token=myToken&txt=aUniqueValue the response is: OK If i then do: dig _something_random.mydomain.duckdns.org TXT @ns1.duckdns.org i get the value: aUniqueValue

I can't find somewhere that they've changed their API's, but i certainly seems like they have...

[sjostrand]

I just verified an extremly ugly workaround/quickfix. In the _get method i just removed the _acme-challenge part from the query string. IE changing the domain from: _acme-challenge.mydomain.duckdns.org to mydomain.duckdns.org

And it worked.... So DuckDNS must've changed their API's (without changing the documentation)

[TheXRMonk]

So any news on a fix after these findings? Or do we have to do a manual hack to get it working again?

[Neilpang]

Again, I tried with my duckdns domain. it works as expected.

If anyone has problems, please provide your log with --debug 2. Otherwise, I can not help you.

[OlMon]

You can add '--domain-alias mydomain.duckdns.org' to the command and it will work.

[TheXRMonk]

Just upgraded and the issue persists.

You can add '--domain-alias mydomain.duckdns.org' to the command and it will work.

If I understand this correctly I ran; acme.sh --renew -d 'mydomain.duckdns.org' --domain-alias 'mydomain.duckdns.org'

Still getting TXT record response=KO.

Managed to get a log file using --debug 2;

Log

``` (exchanged my real domainname with "myDomain" before posting) [Wed Sep 23 15:20:43 CEST 2020] Lets find script dir. [Wed Sep 23 15:20:43 CEST 2020] _SCRIPT_='/root/.acme.sh/acme.sh' [Wed Sep 23 15:20:43 CEST 2020] _script='/root/.acme.sh/acme.sh' [Wed Sep 23 15:20:43 CEST 2020] _script_home='/root/.acme.sh' [Wed Sep 23 15:20:43 CEST 2020] Using config home:/root/.acme.sh [Wed Sep 23 15:20:43 CEST 2020] Running cmd: renew [Wed Sep 23 15:20:43 CEST 2020] Using config home:/root/.acme.sh [Wed Sep 23 15:20:43 CEST 2020] default_acme_server [Wed Sep 23 15:20:43 CEST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Wed Sep 23 15:20:43 CEST 2020] DOMAIN_PATH='/root/.acme.sh/myDomain.duckdns.org' [Wed Sep 23 15:20:43 CEST 2020] Renew: 'myDomain.duckdns.org' [Wed Sep 23 15:20:43 CEST 2020] Le_API='https://acme-v02.api.letsencrypt.org/directory' [Wed Sep 23 15:20:43 CEST 2020] Using config home:/root/.acme.sh [Wed Sep 23 15:20:43 CEST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory' [Wed Sep 23 15:20:43 CEST 2020] _main_domain='myDomain.duckdns.org' [Wed Sep 23 15:20:43 CEST 2020] _alt_domains='*.myDomain.duckdns.org' [Wed Sep 23 15:20:43 CEST 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory [Wed Sep 23 15:20:43 CEST 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory [Wed Sep 23 15:20:43 CEST 2020] GET [Wed Sep 23 15:20:43 CEST 2020] url='https://acme-v02.api.letsencrypt.org/directory' [Wed Sep 23 15:20:43 CEST 2020] timeout= [Wed Sep 23 15:20:44 CEST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.LK8E4NYO -g --insecure ' [Wed Sep 23 15:20:45 CEST 2020] ret='0' [Wed Sep 23 15:20:45 CEST 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change' [Wed Sep 23 15:20:45 CEST 2020] ACME_NEW_AUTHZ [Wed Sep 23 15:20:45 CEST 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order' [Wed Sep 23 15:20:45 CEST 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct' [Wed Sep 23 15:20:45 CEST 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert' [Wed Sep 23 15:20:45 CEST 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf' [Wed Sep 23 15:20:45 CEST 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Wed Sep 23 15:20:45 CEST 2020] ACME_VERSION='2' [Wed Sep 23 15:20:45 CEST 2020] Le_NextRenewTime='1588455990' [Wed Sep 23 15:20:45 CEST 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory [Wed Sep 23 15:20:45 CEST 2020] _on_before_issue [Wed Sep 23 15:20:45 CEST 2020] _chk_main_domain='myDomain.duckdns.org' [Wed Sep 23 15:20:45 CEST 2020] _chk_alt_domains='*.myDomain.duckdns.org' [Wed Sep 23 15:20:45 CEST 2020] Le_LocalAddress [Wed Sep 23 15:20:45 CEST 2020] d='myDomain.duckdns.org' [Wed Sep 23 15:20:45 CEST 2020] Check for domain='myDomain.duckdns.org' [Wed Sep 23 15:20:45 CEST 2020] _currentRoot='dns_duckdns' [Wed Sep 23 15:20:45 CEST 2020] d='*.myDomain.duckdns.org' [Wed Sep 23 15:20:45 CEST 2020] Check for domain='*.myDomain.duckdns.org' [Wed Sep 23 15:20:45 CEST 2020] _currentRoot='dns_duckdns' [Wed Sep 23 15:20:45 CEST 2020] d [Wed Sep 23 15:20:45 CEST 2020] _saved_account_key_hash is not changed, skip register account. [Wed Sep 23 15:20:45 CEST 2020] Read key length: [Wed Sep 23 15:20:45 CEST 2020] _createcsr [Wed Sep 23 15:20:45 CEST 2020] Multi domain='DNS:myDomain.duckdns.org,DNS:*.myDomain.duckdns.org' [Wed Sep 23 15:20:46 CEST 2020] Getting domain auth token for each domain [Wed Sep 23 15:20:46 CEST 2020] d='*.myDomain.duckdns.org' [Wed Sep 23 15:20:46 CEST 2020] d [Wed Sep 23 15:20:46 CEST 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order' [Wed Sep 23 15:20:46 CEST 2020] payload='{"identifiers": [{"type":"dns","value":"myDomain.duckdns.org"},{"type":"dns","value":"*.myDomain.duckdns.org"}]}' [Wed Sep 23 15:20:46 CEST 2020] RSA key [Wed Sep 23 15:20:46 CEST 2020] HEAD [Wed Sep 23 15:20:46 CEST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce' [Wed Sep 23 15:20:46 CEST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.j2T7ZN5u -g --insecure -I ' [Wed Sep 23 15:20:47 CEST 2020] _ret='0' [Wed Sep 23 15:20:47 CEST 2020] POST [Wed Sep 23 15:20:47 CEST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order' [Wed Sep 23 15:20:47 CEST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.j2T7ZN5u -g --insecure ' [Wed Sep 23 15:20:47 CEST 2020] _ret='0' [Wed Sep 23 15:20:48 CEST 2020] code='201' [Wed Sep 23 15:20:48 CEST 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/79737907/5331753195' [Wed Sep 23 15:20:48 CEST 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/79737907/5331753195' [Wed Sep 23 15:20:48 CEST 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/7413764727' [Wed Sep 23 15:20:48 CEST 2020] payload [Wed Sep 23 15:20:48 CEST 2020] POST [Wed Sep 23 15:20:48 CEST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/7413764727' [Wed Sep 23 15:20:48 CEST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.j2T7ZN5u -g --insecure ' [Wed Sep 23 15:20:48 CEST 2020] _ret='0' [Wed Sep 23 15:20:48 CEST 2020] code='200' [Wed Sep 23 15:20:48 CEST 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/7413764735' [Wed Sep 23 15:20:48 CEST 2020] payload [Wed Sep 23 15:20:48 CEST 2020] POST [Wed Sep 23 15:20:48 CEST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/7413764735' [Wed Sep 23 15:20:48 CEST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.j2T7ZN5u -g --insecure ' [Wed Sep 23 15:20:49 CEST 2020] _ret='0' [Wed Sep 23 15:20:49 CEST 2020] code='200' [Wed Sep 23 15:20:49 CEST 2020] d='myDomain.duckdns.org' [Wed Sep 23 15:20:49 CEST 2020] Getting webroot for domain='myDomain.duckdns.org' [Wed Sep 23 15:20:49 CEST 2020] _w='dns_duckdns' [Wed Sep 23 15:20:49 CEST 2020] _currentRoot='dns_duckdns' [Wed Sep 23 15:20:49 CEST 2020] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/7413764735/bdagLA","token":"_ml0C77F_W-4Y52-4lse5eZ7eNhNBTfdUB3O8I7qj5I"' [Wed Sep 23 15:20:49 CEST 2020] token='_ml0C77F_W-4Y52-4lse5eZ7eNhNBTfdUB3O8I7qj5I' [Wed Sep 23 15:20:49 CEST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/7413764735/bdagLA' [Wed Sep 23 15:20:49 CEST 2020] keyauthorization='_ml0C77F_W-4Y52-4lse5eZ7eNhNBTfdUB3O8I7qj5I.Chq-OpxuKTMyD89QzFaoKkbYMWqFt9yY9YqHt1luut4' [Wed Sep 23 15:20:49 CEST 2020] dvlist='myDomain.duckdns.org#_ml0C77F_W-4Y52-4lse5eZ7eNhNBTfdUB3O8I7qj5I.Chq-OpxuKTMyD89QzFaoKkbYMWqFt9yY9YqHt1luut4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/7413764735/bdagLA#dns-01#dns_duckdns' [Wed Sep 23 15:20:49 CEST 2020] d='*.myDomain.duckdns.org' [Wed Sep 23 15:20:49 CEST 2020] Getting webroot for domain='*.myDomain.duckdns.org' [Wed Sep 23 15:20:49 CEST 2020] _w='dns_duckdns' [Wed Sep 23 15:20:49 CEST 2020] _currentRoot='dns_duckdns' [Wed Sep 23 15:20:49 CEST 2020] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/7413764727/0h-waQ","token":"ChxieqzHvKU3yj6DIhEuB8NiMgbyiR5FDwSQI_-Rm_Q"' [Wed Sep 23 15:20:49 CEST 2020] token='ChxieqzHvKU3yj6DIhEuB8NiMgbyiR5FDwSQI_-Rm_Q' [Wed Sep 23 15:20:49 CEST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/7413764727/0h-waQ' [Wed Sep 23 15:20:49 CEST 2020] keyauthorization='ChxieqzHvKU3yj6DIhEuB8NiMgbyiR5FDwSQI_-Rm_Q.Chq-OpxuKTMyD89QzFaoKkbYMWqFt9yY9YqHt1luut4' [Wed Sep 23 15:20:49 CEST 2020] dvlist='*.myDomain.duckdns.org#ChxieqzHvKU3yj6DIhEuB8NiMgbyiR5FDwSQI_-Rm_Q.Chq-OpxuKTMyD89QzFaoKkbYMWqFt9yY9YqHt1luut4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/7413764727/0h-waQ#dns-01#dns_duckdns' [Wed Sep 23 15:20:49 CEST 2020] d [Wed Sep 23 15:20:49 CEST 2020] vlist='myDomain.duckdns.org#_ml0C77F_W-4Y52-4lse5eZ7eNhNBTfdUB3O8I7qj5I.Chq-OpxuKTMyD89QzFaoKkbYMWqFt9yY9YqHt1luut4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/7413764735/bdagLA#dns-01#dns_duckdns,*.myDomain.duckdns.org#ChxieqzHvKU3yj6DIhEuB8NiMgbyiR5FDwSQI_-Rm_Q.Chq-OpxuKTMyD89QzFaoKkbYMWqFt9yY9YqHt1luut4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/7413764727/0h-waQ#dns-01#dns_duckdns,' [Wed Sep 23 15:20:49 CEST 2020] d='myDomain.duckdns.org' [Wed Sep 23 15:20:49 CEST 2020] _d_alias [Wed Sep 23 15:20:49 CEST 2020] txtdomain='_acme-challenge.myDomain.duckdns.org' [Wed Sep 23 15:20:49 CEST 2020] txt='NMxlr9grbdAh_5SoQHDT-o_GP8D99fsIbSF-nEzOaTM' [Wed Sep 23 15:20:49 CEST 2020] d_api='/root/.acme.sh/dnsapi/dns_duckdns.sh' [Wed Sep 23 15:20:49 CEST 2020] Found domain api file: /root/.acme.sh/dnsapi/dns_duckdns.sh [Wed Sep 23 15:20:49 CEST 2020] Adding txt value: NMxlr9grbdAh_5SoQHDT-o_GP8D99fsIbSF-nEzOaTM for domain: _acme-challenge.myDomain.duckdns.org [Wed Sep 23 15:20:49 CEST 2020] Trying to add TXT record [Wed Sep 23 15:20:49 CEST 2020] param='domains=_acme-challenge.myDomain.duckdns.org&token=6eaacabf-62a7-4ab6-9bdf-9b6cb8a75fc4&txt=NMxlr9grbdAh_5SoQHDT-o_GP8D99fsIbSF-nEzOaTM' [Wed Sep 23 15:20:49 CEST 2020] url='https://www.duckdns.org/update?domains=_acme-challenge.myDomain.duckdns.org&token=6eaacabf-62a7-4ab6-9bdf-9b6cb8a75fc4&txt=NMxlr9grbdAh_5SoQHDT-o_GP8D99fsIbSF-nEzOaTM' [Wed Sep 23 15:20:49 CEST 2020] GET [Wed Sep 23 15:20:49 CEST 2020] url='https://www.duckdns.org/update?domains=_acme-challenge.myDomain.duckdns.org&token=6eaacabf-62a7-4ab6-9bdf-9b6cb8a75fc4&txt=NMxlr9grbdAh_5SoQHDT-o_GP8D99fsIbSF-nEzOaTM' [Wed Sep 23 15:20:49 CEST 2020] timeout= [Wed Sep 23 15:20:49 CEST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.j2T7ZN5u -g --insecure ' [Wed Sep 23 15:20:50 CEST 2020] ret='0' [Wed Sep 23 15:20:50 CEST 2020] Errors happened during adding the TXT record, response=KO [Wed Sep 23 15:20:50 CEST 2020] Error add txt for domain:_acme-challenge.myDomain.duckdns.org [Wed Sep 23 15:20:50 CEST 2020] _on_issue_err [Wed Sep 23 15:20:50 CEST 2020] Please check log file for more details: /media/Logs/mylog.log [Wed Sep 23 15:20:50 CEST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/7413764735/bdagLA' [Wed Sep 23 15:20:50 CEST 2020] payload='{}' [Wed Sep 23 15:20:50 CEST 2020] POST [Wed Sep 23 15:20:50 CEST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/7413764735/bdagLA' [Wed Sep 23 15:20:50 CEST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.j2T7ZN5u -g --insecure ' [Wed Sep 23 15:20:51 CEST 2020] _ret='0' [Wed Sep 23 15:20:51 CEST 2020] code='200' [Wed Sep 23 15:20:51 CEST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/7413764727/0h-waQ' [Wed Sep 23 15:20:51 CEST 2020] payload='{}' [Wed Sep 23 15:20:51 CEST 2020] POST [Wed Sep 23 15:20:51 CEST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/7413764727/0h-waQ' [Wed Sep 23 15:20:51 CEST 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.j2T7ZN5u -g --insecure ' [Wed Sep 23 15:20:52 CEST 2020] _ret='0' [Wed Sep 23 15:20:52 CEST 2020] code='200' [Wed Sep 23 15:20:52 CEST 2020] Diagnosis versions: openssl:openssl OpenSSL 1.0.2o-freebsd 27 Mar 2018 apache: apache doesn't exist. nginx: nginx version: nginx/1.16.1 built with OpenSSL 1.0.2s-freebsd 28 May 2019 (running with OpenSSL 1.0.2o-freebsd 27 Mar 2018) TLS SNI support enabled configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_v2_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-pcre --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-mail=dynamic --with-stream=dynamic socat: socat by Gerhard Rieger and contributors - see www.dest-unreach.org socat version 1.7.3.4 on Jul 10 2020 03:17:18 running on FreeBSD version FreeBSD 11.2-STABLE #0 r325575+c9231c7d6bd(HEAD): Mon Nov 18 22:46:47 UTC 2019 root@nemesis:/freenas-releng/freenas/_BE/objs/freenas-releng/freenas/_BE/os/sys/FreeNAS.amd64, release 11.2-STABLE, machine amd64 features: #define WITH_STDIO 1 #define WITH_FDNUM 1 #define WITH_FILE 1 #define WITH_CREAT 1 #define WITH_GOPEN 1 #define WITH_TERMIOS 1 #define WITH_PIPE 1 #define WITH_UNIX 1 #undef WITH_ABSTRACT_UNIXSOCKET #define WITH_IP4 1 #define WITH_IP6 1 #define WITH_RAWIP 1 #define WITH_GENERICSOCKET 1 #undef WITH_INTERFACE #define WITH_TCP 1 #define WITH_UDP 1 #define WITH_SCTP 1 #define WITH_LISTEN 1 #define WITH_SOCKS4 1 #define WITH_SOCKS4A 1 #define WITH_PROXY 1 #define WITH_SYSTEM 1 #define WITH_EXEC 1 #undef WITH_READLINE #undef WITH_TUN #define WITH_PTY 1 #define WITH_OPENSSL 1 #undef WITH_FIPS #define WITH_LIBWRAP 1 #define WITH_SYCLS 1 #define WITH_FILAN 1 #define WITH_RETRY 1 #define WITH_MSGLEVEL 0 /*debug*/ [Wed Sep 23 15:20:52 CEST 2020] pid [Wed Sep 23 15:20:52 CEST 2020] No need to restore nginx, skip. [Wed Sep 23 15:20:52 CEST 2020] _clearupdns [Wed Sep 23 15:20:52 CEST 2020] dns_entries [Wed Sep 23 15:20:52 CEST 2020] skip dns. ```

[TheXRMonk]

Again, I tried with my duckdns domain. it works as expected.

If anyone has problems, please provide your log with --debug 2. Otherwise, I can not help you.

Any news? Or value in the log I posted?

[mind12]

Again, I tried with my duckdns domain. it works as expected. If anyone has problems, please provide your log with --debug 2. Otherwise, I can not help you.

Any news? Or value in the log I posted?

The problem is here, you can't add this record to DuckDNS: Error add txt for domain:_acme-challenge.myDomain.duckdns.org

However it's working for me (single domain not multi) using --domain-alias mydomain.duckdns.org

[boss1819]

add the domain/IP once manually on the duckdns website, then attempt the cert creation/renewal. it works this way