mirror of
https://github.com/dehydrated-io/dehydrated.git
synced 2026-01-13 15:13:33 +01:00
Challenge Validation Has failed- urn:ietf:params:acme:error:dns #536
Originally created by @kshah37 on GitHub (May 14, 2021).
I was using dehydrated for my domain lab.smartipcloud.com. Now I want to use it for lab2.smartipcloud.com as well, so I want to use *.smartipcloud.com (wildcard). But I am getting a DNS-01 error.
```
Domain Name: *.smartipcloud.com
Email Address: tfernandez@smartip.ca
fatal: destination path 'dehydrated' already exists and is not an empty directory.
fatal: destination path 'dns-01-manual' already exists and is not an empty directory.
INFO: Using main config file /etc/dehydrated/config
INFO: Using main config file /etc/dehydrated/config
Unknown hook "this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script"
Unknown hook "startup_hook"
Processing *.smartipcloud.com
Unknown hook "this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script"
Add the following to the zone definition of smartipcloud.com:
_acme-challenge.smartipcloud.com. IN TXT "pLk-sQrDW3WFAHZL1rYGteY8ShMgryN2J-YdxyWRuKg"
Press enter to continue...
Unknown hook "invalid_challenge"
Now you can remove the following from the zone definition of smartipcloud.com:
_acme-challenge.smartipcloud.com. IN TXT "pLk-sQrDW3WFAHZL1rYGteY8ShMgryN2J-YdxyWRuKg"
Press enter to continue...
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "dns-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:dns"
["error","detail"] "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.smartipcloud.com - check that a DNS record exists for this domain"
["error","status"] 400
["error"] {"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.smartipcloud.com - check that a DNS record exists for this domain","status":400}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13007873992/ZBVaxw"
["token"] "1rmqJGclz9-0Hn7VkxPD7zYe6nG93MtNw4mmhYFM8Wo"
["validated"] "2021-05-14T12:25:14Z")
Challenge is invalid! (returned: invalid) (result: ["type"] "dns-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:dns"
["error","detail"] "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.smartipcloud.com - check that a DNS record exists for this domain"
["error","status"] 400
["error"] {"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.smartipcloud.com - check that a DNS record exists for this domain","status":400}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13007873992/ZBVaxw"
["token"] "1rmqJGclz9-0Hn7VkxPD7zYe6nG93MtNw4mmhYFM8Wo"
["validated"] "2021-05-14T12:25:14Z")
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
cat: /etc/dehydrated/certs/smartipcloud.com/fullchain.pem: No such file or directory
cat: /etc/dehydrated/certs/smartipcloud.com/privkey.pem: No such file or directory
cp: cannot stat '/etc/dehydrated/certs/smartipcloud.com/cert.pem': No such file or directory
cp: cannot stat '/etc/dehydrated/certs/smartipcloud.com/chain.pem': No such file or directory
cp: cannot stat '/etc/dehydrated/certs/smartipcloud.com/fullchain.pem': No such file or directory
cp: cannot stat '/etc/dehydrated/certs/smartipcloud.com/privkey.pem': No such file or directory
```
#hook.sh
This is my hook file
```bash
#!/usr/bin/env bash
# based on https://github.com/lukas2511/dehydrated/wiki/example-dns-01-nsupdate-script

set -e
set -u
set -o pipefail

# $1 = hook name, $2 = domain, $4 = TXT value for the dns-01 challenge
case "$1" in
    "deploy_challenge")
        echo ""
        echo "Add the following to the zone definition of ${2}:"
        echo "_acme-challenge.${2}. IN TXT \"${4}\""
        echo ""
        echo -n "Press enter to continue..."
        read tmp
        echo ""
        ;;
    "clean_challenge")
        echo ""
        echo "Now you can remove the following from the zone definition of ${2}:"
        echo "_acme-challenge.${2}. IN TXT \"${4}\""
        echo ""
        echo -n "Press enter to continue..."
        read tmp
        echo ""
        ;;
    "sync_cert")
        # do nothing for now
        ;;
    "deploy_cert")
        # do nothing for now
        ;;
    "unchanged_cert")
        # do nothing for now
        ;;
    "exit_hook")
        echo "${2:-}"
        ;;
    *)
        echo "Unknown hook \"${1}\""
        ;;
esac

exit 0
```
@lukas2511 commented on GitHub (May 14, 2021):
Did you add the DNS records like the hook script asks you to do and did you wait for DNS propagation before letting the script continue? This seems like user error to me so I'm closing this issue, but feel free to further discuss.
@kshah37 commented on GitHub (May 14, 2021):
Hi, which command can I use to add this line?
Add the following to the zone definition of smartipcloud.com:
_acme-challenge.smartipcloud.com. IN TXT "pLk-sQrDW3WFAHZL1rYGteY8ShMgryN2J-YdxyWRuKg"
@kshah37 commented on GitHub (May 14, 2021):
Can I use http validation if I am using wildcard domains?
@jobe1986 commented on GitHub (May 14, 2021):
To issue wildcard certificates using Let's Encrypt you HAVE to use dns-01.
@lukas2511 commented on GitHub (May 14, 2021):
You need to add this to your domain's DNS records. How this can be done varies between providers. Most have APIs to automate this process (maybe have a look at https://github.com/AnalogJ/lexicon to see if it supports your domain's DNS provider), while others will require you to manually log in to their customer panel and update the records from within there.
Wildcard validation is only possible using dns-01.
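A propagation check for the manual hook discussed in this thread, as an added example (not code from this issue or from dehydrated): it polls every authoritative nameserver of the zone and succeeds only once all of them serve the challenge TXT value, which avoids the NXDOMAIN result shown in the log. The function names, the separate zone argument and the retry defaults are assumptions, and `dig` must be installed.

```bash
#!/usr/bin/env bash
# Added example: block until every authoritative nameserver serves the
# dns-01 TXT value, so validation is not requested too early.

# The two resolver calls are kept in small functions so they can be swapped
# out (for another tool, or for stubs when testing offline).
list_nameservers() {    # $1 = zone apex; prints one NS host per line
    dig +short NS "$1"
}
lookup_txt() {          # $1 = record name, $2 = nameserver; prints TXT data
    dig +short TXT "$1" "@$2"
}

# txt_visible_everywhere ZONE NAME VALUE
# Succeeds only if every nameserver of ZONE returns VALUE for NAME.
txt_visible_everywhere() {
    local zone="$1" name="$2" value="$3" servers ns
    servers=$(list_nameservers "$zone") || return 1
    [ -n "$servers" ] || return 1      # no NS answer: treat as not ready
    for ns in $servers; do
        # dig prints each TXT string in double quotes, one per line
        lookup_txt "$name" "$ns" | grep -qxF "\"$value\"" || return 1
    done
    return 0
}

# wait_for_txt ZONE NAME VALUE [TRIES] [DELAY_SECONDS]
wait_for_txt() {
    local zone="$1" name="$2" value="$3" tries="${4:-30}" delay="${5:-10}"
    local i=1
    while [ "$i" -le "$tries" ]; do
        if txt_visible_everywhere "$zone" "$name" "$value"; then
            return 0
        fi
        i=$((i + 1))
        if [ "$i" -le "$tries" ]; then sleep "$delay"; fi
    done
    return 1
}

# In the deploy_challenge branch of a hook, after the record has been added
# (ZONE is an assumed variable holding the zone apex, e.g. smartipcloud.com):
#   wait_for_txt "$ZONE" "_acme-challenge.${2}" "${4}" || exit 1
```

Because the match is per line of TXT data, the check still works when a wildcard and its base domain are validated together and two values sit at the same `_acme-challenge` name.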