ebekker / ACMESharp

An ACME client library and PowerShell client for the .NET platform (Let's Encrypt)
https://pkisharp.github.io/ACMESharp-docs/

dns-01 validation not working #345

Open pu-sh opened 6 years ago

pu-sh commented 6 years ago

Hi,

I'm trying to validate www.yellowfield.in using the dns-01 challenge with a manual handler.

***Background info:

  1. OS - Windows 10
  2. Domain registrar - Namecheap
  3. Site hosted on - Lunarpages.com

***Commands I typed:

  1. New-ACMEIdentifier -Dns www.yellowfield.in -Alias yellowfield_14Jun18_06
  2. Complete-ACMEChallenge yellowfield_14Jun18_06 -ChallengeType dns-01 -Handler manual
  3. (Update-ACMEIdentifier yellowfield_14Jun18_06 -ChallengeType dns-01).Challenges | Where-Object {$_.Type -eq "dns-01"}

     ==== At this point of time, I went to the Namecheap website and edited my DNS records to create a TXT record with the information I got from the Update-ACME command and input name=_acme-challenge.www.yellowfield.in and value=rMDD-cinTJvCSqQkbX6qj3rm44VjmpfL_FgYIPPjFNs ==== I then waited for a minute ====
  4. Submit-ACMEChallenge yellowfield_14Jun18_06 -ChallengeType dns-01

         IdentifierPart : ACMESharp.Messages.IdentifierPart
         IdentifierType : dns
         Identifier     : www.yellowfield.in
         Uri            : https://acme-v01.api.letsencrypt.org/acme/authz/xUOJ9mL3dObpgwEGxztwQjv65MAcZALBBhczaRf_taA
         Status         : pending
         Expires        : 20-06-18 19:55:29
         Challenges     : {, manual}
         Combinations   : {1, 0}
  5. (Update-ACMEIdentifier yellowfield_14Jun18_06 -ChallengeType dns-01).Challenges | Where-Object {$_.Type -eq "dns-01"}

         ChallengePart          : ACMESharp.Messages.ChallengePart
         Challenge              : ACMESharp.ACME.DnsChallenge
         Type                   : dns-01
         Uri                    : https://acme-v01.api.letsencrypt.org/acme/challenge/xUOJ9mL3dObpgwEGxztwQjv65MAcZALBBhczaRf_taA/5096468866
         Token                  : MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE
         Status                 : invalid
         OldChallengeAnswer     : [, ]
         ChallengeAnswerMessage :
         HandlerName            : manual
         HandlerHandleDate      : 14-06-18 01:22:40
         HandlerHandleMessage   : == Manual Challenge Handler - DNS ==

    • Handle Time: [14-06-18 01:22:40]
    • Challenge Token: [MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE]

                   To complete this Challenge please create a new Resource
                   Record (RR) with the following characteristics:
    • RR Type: [TXT]
    • RR Name: [_acme-challenge.www.yellowfield.in]
    • RR Value: [rMDD-cinTJvCSqQkbX6qj3rm44VjmpfL_FgYIPPjFNs]

***Error message on this link: https://acme-v01.api.letsencrypt.org/acme/challenge/xUOJ9mL3dObpgwEGxztwQjv65MAcZALBBhczaRf_taA/5096468866

    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.yellowfield.in",
        "status": 400
      },
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/xUOJ9mL3dObpgwEGxztwQjv65MAcZALBBhczaRf_taA/5096468866",
      "token": "MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE",
      "keyAuthorization": "MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE.x_Y2HCnlvbg-5_EwQztllwj57Zh_Evm_1AgbFTpNP5k"
    }

***There is no DNSSec issue as my domain does not have DNSSec enabled

***I've tried using unboundtest.com. Output of unboundtest.com given below:

Query results for TXT www.yellowfield.in

Response:

    ;; opcode: QUERY, status: NOERROR, id: 57025
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.yellowfield.in. IN TXT

    ;; ANSWER SECTION:
    www.yellowfield.in. 1800 IN CNAME yellowfield.chandraworld.net.

    ;; AUTHORITY SECTION:
    chandraworld.net. 0 IN SOA ns1.lunarpages.com. alerts.lunarpages.com. 2018060200 14400 7200 3600000 86400


sikemullivan commented 5 years ago

Same thing for me. I'm using GoDaddy.

shahasachin commented 5 years ago

I am also getting the same error...
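
A pre-flight check for the dns-01 failure reported in the opening post, as an added example that is not part of the issue thread or of ACMESharp: it derives the TXT value from the challenge's key authorization and queries each authoritative nameserver for `_acme-challenge.<identifier>` before the challenge is submitted. The function names `Get-Dns01TxtValue` and `Test-Dns01Record` are hypothetical; the block assumes Windows' built-in `Resolve-DnsName` cmdlet and live DNS access, and takes the zone `yellowfield.in` and the key authorization from the post.

```powershell
# Added example; function names are hypothetical, not ACMESharp cmdlets.
function Get-Dns01TxtValue {
    param([Parameter(Mandatory)][string]$KeyAuthorization)
    # dns-01 TXT value = base64url(SHA-256(key authorization)), padding stripped
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $digest = $sha.ComputeHash([System.Text.Encoding]::ASCII.GetBytes($KeyAuthorization))
    } finally { $sha.Dispose() }
    [Convert]::ToBase64String($digest).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Test-Dns01Record {
    param(
        [Parameter(Mandatory)][string]$Identifier,     # name being validated
        [Parameter(Mandatory)][string]$Zone,           # zone that holds the record
        [Parameter(Mandatory)][string]$ExpectedValue
    )
    $rrName = "_acme-challenge.$Identifier"
    # Query every authoritative server directly, so a cached answer from a
    # recursive resolver cannot hide a record that is missing at the source.
    $nameServers = Resolve-DnsName -Name $Zone -Type NS -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'NS' } |
        Select-Object -ExpandProperty NameHost
    foreach ($ns in $nameServers) {
        $values = @()
        $status = 'NoTxtRecord'
        try {
            $answer = Resolve-DnsName -Name $rrName -Type TXT -Server $ns -DnsOnly -ErrorAction Stop
            # A TXT record may be split into several strings; join them before comparing.
            $values = @($answer | Where-Object { $_.Type -eq 'TXT' } |
                ForEach-Object { $_.Strings -join '' })
            if ($values.Count -gt 0) { $status = 'Found' }
        } catch {
            $status = "LookupFailed: $($_.Exception.Message)"   # NXDOMAIN lands here
        }
        [pscustomobject]@{
            NameServer = $ns
            RRName     = $rrName
            Status     = $status
            # -ccontains: base64url values are case-sensitive
            Matches    = ($values -ccontains $ExpectedValue)
        }
    }
}

# Values taken from the opening post of this issue
$keyAuth = 'MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE.x_Y2HCnlvbg-5_EwQztllwj57Zh_Evm_1AgbFTpNP5k'
Test-Dns01Record -Identifier 'www.yellowfield.in' -Zone 'yellowfield.in' `
    -ExpectedValue (Get-Dns01TxtValue -KeyAuthorization $keyAuth) | Format-Table -AutoSize
```

Submitting the challenge is only worthwhile once every nameserver row shows `Status` as `Found` and `Matches` as `True`.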