DNS problem: NXDOMAIN looking up TXT for _acme-challenge.

[JOduMonT]

Hi;

I miss understood something;

do I have to create the TXT _acme-challenge. ?
if yes where I found the VALUE
may I have a concrete example ?

Regards!

Jonathan

[sineverba]

No, you don't need to create anything. The DNS will be created from bash script... What's the problem? Can you write down all steps and errors received, if any?
Thank you

[JOduMonT]

thank for your quick reply :)

for the little history I move my DNS from namecheap to cloudflare because I had the same issue ;)

so I clone dehydrated and your hook as you suggest
here my ./config

IP_VERSION="4"
CHALLENGETYPE="dns-01"
HOOK="hooks/cfhookbash/hook.sh"
KEY_ALGO="secp384r1"
CONTACT_EMAIL="hostmaster@jodumont.com"

hooks/cfhookbash/config.sh

case ${1} in
        "jodumont.com")
                global_api_key="MY GLOBAL API KEY"
                zones=" MY ZONE I FOUND IN UNDER DNS/API POST as you mention"
                email="EMAIL USE FOR MY CLOUDFLARE ACCOUNT"
        ;;
esac

than I run

bash-4.4$ ./dehydrated -c

# INFO: Using main config file /srv/dehydrated/config
Processing jodumont.com
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for jodumont.com
 + 1 pending challenge(s)
 + Deploying challenge tokens...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   649    0   501  100   148    914    270 --:--:-- --:--:-- --:--:--  1182
 + Responding to challenge for jodumont.com authorization...
 + Cleaning challenge tokens...
{"result":{"id":"a4c137a530f709584b1eb7e0564a6046"},"success":true,"errors":[],"messages":[]} + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.jodumont.com",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/0q2rk8xuabrf6ICLUxcnYP-XGqEEOcHXqyiYa4cXwpc/7455893731",
  "token": "vOKDeFZ8AZN-yK076rM-kijvbSH0sX4BNVu_Wwe-4-s"
})

[JOduMonT]

Do I still need the WELLKNOWN directory ?
ref: dehydrated-io/dehydrated#90

[LunkSnee]

I'm getting the same thing. It appears it isn't creating the TXT record as expected within Cloudflare. I'm having to use the python script hook instead, as it works without issue.

[JOduMonT]

@LunkSnee I leg you this issue
for me I use another way and fine to close it

[phixion]

same issue

[sineverba]

I cannot replicate the issues.
Can you check if DNS record Is created on cloudflare?

A raw test Is firing continuously F5 (refresh) during development on CF page with DNS list...

[phixion]

nothing is created within cf

[YasharF]

Interestingly I am running into this acme-staging.api.letsencrypt.org, but not when using acme-v02.api.letsencrypt.org for the CA endpoint

[sineverba]

I can replicate this. Probably need to wait a bit before test for record created. I will investigate deeper.

[sineverba]

Ready a patch for this issue.