DNS challenge failing on production

[hassek]

on the challenges.acme.cert-manager.io, the challenge is failing against simpledns with this msg:

Accepting challenge authorization failed: acme: authorization error for emailpref.com: 400 urn:ietf:params:acme:error:dns: DNS problem: SERVFAIL looking up TXT for _acme-challenge.<MYDOMAIN> - the domain's nameservers may be malfunctioning

Could it be a misconfiguration on my part? how can I debug this further?

Thanks in advance.

[hassek]

I was able to find the problem and fixed it by using the https://letsdebug.net/ tool, awesome tool btw.

[arnediekmann]

Looks like an interesting tool. Will try to remember that when I have to debug a challenge myself - thanks 😇

What I usually do is to look for the corresponding challenges.acme.cert-manager.io resource and then to examine the status fields which contain the reason why a challenge failed. Also there's a great debugging guide in the cert-manager docs.

[hassek]

Awesome! will take a look at the guide. Thanks!

Since we are already talking here, any plans to make this available on helm hub or something like that?

[arnediekmann]

I hadn't - but I just examined the process and it seems pretty straight forward. I'll create it as an issue for myself and see if I can get it done the next days. Thanks for the suggestion!

[arnediekmann]

In #3 im tracking the progress on getting it on the helm hub. However, you can as of now use it like this and thus don't have to clone the repository:

$ helm repo add neoskop https://charts.neoskop.dev
$ helm install cert-manager-webhook-dnsimple \
    --namespace cert-manager \
    [...]
    neoskop/cert-manager-webhook-dnsimple

You can also use https://neoskop.github.io/cert-manager-webhook-dnsimple as repo URL. That repository only container the releases of this project and not our other helm charts.