NOTE: values are not real (they represent results from Let's Encrypt's staging server for a test IP)
So this isn't an issue per se; it's more of not understanding how the response the client returns maps to TXT records (given that each DNS API has a slightly different implementation).
Reading through the README, I see this:
When using -t, each domain (primary and altnames) is authorised over standard output
and input between the caller and acme-client as follows:
(a). acme-client prints “challenge-type dns-domain token.thumbprint\n” (note the trailing newline) on
its standard output.
(b). The caller performs any tasks to implement the challenge's response.
(c). The caller writes the same three-field string and the newline to the standard input of acme-client.
This cycle repeats for each requested domain, then acme-client exits.
My question is:
Which part of the 3-part string in the (a) response corresponds to the TXT value?
I have tried using:
all 3 parts combined (respecting the spaces between the 1st two and the period that joins the token
and thumbprint)
only the token
only the thumbprint
None of the above work; instead they return errors that match this:
acme-client: transfer buffer: [
{
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Incorrect TXT record \"TChR2DfPtEOyWaxl750J4E_sJo97szwCVHq3PT5NfRU.LyF9F8lc51hP9u3aOG7Lwnt-3DnMV2MpLi0RgHGM-VA\" found at _acme-challenge.sub.domain.com",
"status": 403
},
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/LPRoT8sfbwpbQU99UXs10jI1VSn9HyhfIFDcvcDlo9Y/158596424",
"token": "2Q_pQKPWiun16FT60BGriRh1Tcb7fXrmOCOLOYXXTPc",
"keyAuthorization": "2Q_pQKPWiun16FT60BGriRh1Tcb7fXrmOCOLOYXXTPc.LyF9F8lc51hP9u3aOG7Lwnt-3DnMV2MpLi0RgHGM-VA"
}
]
(590 bytes)
acme-client: bad exit: netproc(48): 1
I also ran dig -t txt _acme-challenge.sub.domain.com and confirmed I got these results:
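Added example, not part of the original post and not acme-client's own code: under ACME's dns-01 rule the TXT value is the unpadded base64url encoding of the SHA-256 digest of the key authorization (the token.thumbprint field), not any of the raw fields. It assumes the first field printed by acme-client is the literal `dns-01`; the function names are hypothetical and the sample line reuses the domain and keyAuthorization shown in the error above.

```python
import base64
import hashlib

# Constructed sample of the line acme-client prints in step (a), built from
# the domain and keyAuthorization in the error output above (not real values).
SAMPLE_LINE = (
    "dns-01 sub.domain.com "
    "2Q_pQKPWiun16FT60BGriRh1Tcb7fXrmOCOLOYXXTPc."
    "LyF9F8lc51hP9u3aOG7Lwnt-3DnMV2MpLi0RgHGM-VA\n"
)


def dns01_txt_value(key_authorization: str) -> str:
    """TXT value for dns-01: base64url(SHA-256(key authorization)), no '=' padding."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def parse_challenge_line(line: str):
    """Split 'challenge-type dns-domain token.thumbprint\\n' into (domain, keyauth)."""
    if not line.endswith("\n"):
        raise ValueError("challenge line must end with a newline")
    fields = line[:-1].split(" ")
    if len(fields) != 3:
        raise ValueError("expected exactly three space-separated fields")
    challenge_type, domain, key_authorization = fields
    if challenge_type != "dns-01":  # assumed literal for the DNS challenge type
        raise ValueError("not a DNS challenge: " + challenge_type)
    token, dot, thumbprint = key_authorization.partition(".")
    if not (token and dot and thumbprint):
        raise ValueError("third field is not token.thumbprint")
    return domain, key_authorization


def txt_record_for(line: str):
    """Return (record name, TXT value) the caller must publish in step (b)."""
    domain, key_authorization = parse_challenge_line(line)
    name = "_acme-challenge." + domain.rstrip(".")
    return name, dns01_txt_value(key_authorization)


if __name__ == "__main__":
    name, value = txt_record_for(SAMPLE_LINE)
    print(name, "IN TXT", '"' + value + '"')
    # Step (c): only after the record is visible to resolvers, write the
    # original three-field line back to acme-client unchanged.
```

The line written back in step (c) is the original three-field string, not the digest; the digest only goes into DNS.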