Open MdeLv opened 1 year ago
Cause of the trouble: there was a misconfiguration of NS. That's why the CNAME was poorly propagated on name servers.
Suggestion: what about checking that the CNAME record for _acme-challenge.foo.org to ****.auth.acme-dns.io. is CORRECT, instead of the cryptic "Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.foo.org - check that a DNS record exists for this domain", because these TXT records are managed by auth.acme-dns.io.
@MdeLv Please close the issue
Hi,
certbot and acme-dns-certbot.py work well to get certificates for several domains, wildcard or not.
I have a problem renewing one wildcard TLS certificate (foo.org, *.foo.org).
The only cause I can see is a limited propagation of the CNAME record for _acme-challenge.foo.org (with a value like 47fc-****.auth.acme-dns.io.): only Cloudflare shows the expected resource record, while other domain names are propagated on all main nameservers (Cloudflare, OpenDNS, Yandex, Quad9, Google).
1/ Have you experienced such a problem?
2/ Can you check if some settings could be done on auth.acme-dns.io. to improve propagation?
3/ Is there an option to force using a nameserver which is known to deliver the expected CNAME record?
Side question: is running one's own instance of acme-dns (with the Go program, etc., instead of using auth.acme-dns.io.) known to improve this issue?
Thanks.
EDIT: I could have the DNS cache flushed for Google, etc. Now _acme-challenge.foo.org has the correct CNAME record. But still the following errors:
then simply:
or again and mainly the 2 items error.
I don't understand why there is a "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.foo.org", because there is a CNAME record for _acme-challenge.foo.org to ****.auth.acme-dns.io., where 2 TXT records are generated with a TTL of 1 s. Is it an incorrect message from certbot?
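Added example (not code from the issue author or from the acme-dns project): a small checker for the two halves of the chain the thread is debugging. The CA's validator looks up TXT for `_acme-challenge.foo.org`, follows the CNAME to the acme-dns name, and reads the TXT tokens there; if the resolver it happens to use has not yet seen the CNAME, the lookup ends in NXDOMAIN for the `_acme-challenge` name, which is exactly the message certbot prints. The script parses `dig +noall +answer` output (which you would capture per resolver with `dig +noall +answer @1.1.1.1 _acme-challenge.foo.org CNAME` and, for the acme-dns side, `dig +noall +answer @auth.acme-dns.io <target> TXT`), classifies each resolver's view of the CNAME, and confirms the TXT tokens exist at the target. The dig output, resolver addresses and the `47fc-0000` target are constructed placeholders standing in for the thread's redacted `47fc-****` name.

```python
"""Per-resolver check of the _acme-challenge CNAME -> acme-dns TXT chain.

Added example for the thread above; the dig output embedded below is
constructed, not a real capture, and mirrors the symptom described:
one resolver serves the CNAME while others still return NXDOMAIN.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One line of `dig +noall +answer` output, e.g.
# "_acme-challenge.foo.org. 300 IN CNAME 47fc-0000.auth.acme-dns.io."
DIG_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")


@dataclass(frozen=True)
class RR:
    name: str   # owner name, lower-cased, with trailing dot
    ttl: int
    rtype: str
    rdata: str


def fqdn(name: str) -> str:
    return name.lower().rstrip(".") + "."


def parse_dig_answer(text: str) -> list[RR]:
    """Parse the answer section printed by `dig +noall +answer`.
    Comment (';') and blank lines are skipped. An empty answer section is
    what dig prints for NXDOMAIN or NODATA, so it yields an empty list."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = DIG_LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised dig answer line: {line!r}")
        name, ttl, rtype, rdata = m.groups()
        records.append(RR(fqdn(name), int(ttl), rtype.upper(), rdata.strip()))
    return records


def cname_status(name: str, expected_target: str, records: list[RR]) -> str:
    """Classify one resolver's view of the challenge name:
    'ok'           CNAME present and pointing at the acme-dns name
    'wrong-target' CNAME present but pointing elsewhere
    'missing'      no CNAME at all; a TXT lookup through this resolver
                   can only end in NXDOMAIN, the error certbot reports."""
    cnames = [r for r in records if r.name == fqdn(name) and r.rtype == "CNAME"]
    if not cnames:
        return "missing"
    return "ok" if fqdn(cnames[0].rdata) == fqdn(expected_target) else "wrong-target"


def txt_values(name: str, records: list[RR]) -> list[str]:
    """TXT strings at `name` with the surrounding quotes stripped
    (acme-dns publishes the challenge tokens here)."""
    return [r.rdata.strip('"') for r in records
            if r.name == fqdn(name) and r.rtype == "TXT"]


def diagnose(name: str, expected_target: str,
             resolver_answers: dict[str, str], target_answer: str) -> dict:
    """Validation can only succeed if every resolver the CA might use sees
    the CNAME and the acme-dns side actually serves TXT records."""
    per_resolver = {ip: cname_status(name, expected_target, parse_dig_answer(out))
                    for ip, out in resolver_answers.items()}
    tokens = txt_values(expected_target, parse_dig_answer(target_answer))
    return {
        "cname": per_resolver,
        "txt_at_target": tokens,
        "validation_possible": all(s == "ok" for s in per_resolver.values()) and bool(tokens),
    }


# Constructed sample data (placeholders, not real captures).
CHALLENGE = "_acme-challenge.foo.org"
TARGET = "47fc-0000.auth.acme-dns.io"   # stands in for the thread's 47fc-****
RESOLVER_ANSWERS = {
    "1.1.1.1": "_acme-challenge.foo.org. 300 IN CNAME 47fc-0000.auth.acme-dns.io.\n",
    "8.8.8.8": "",   # empty answer section: dig reported status NXDOMAIN
    "9.9.9.9": "",
}
# acme-dns keeps the two most recent tokens with TTL 1, as the thread describes.
TARGET_ANSWER = (
    '47fc-0000.auth.acme-dns.io. 1 IN TXT "token-from-previous-update"\n'
    '47fc-0000.auth.acme-dns.io. 1 IN TXT "token-from-latest-update"\n'
)

if __name__ == "__main__":
    import json
    print(json.dumps(diagnose(CHALLENGE, TARGET, RESOLVER_ANSWERS, TARGET_ANSWER), indent=2))
```

With the constructed data the report shows the TXT tokens are present at the acme-dns name but two of three resolvers have no CNAME, so `validation_possible` is false: the "NXDOMAIN looking up TXT" message is not a certbot bug, it is the CA's resolver view of a CNAME that has not propagated (or, as the top of the issue notes, of NS records that were misconfigured).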