Letsencrypt DNS Challenge - No TXT Record Found

When attempting to use the latest image to get a wildcard certificate for my domain at Domeneshop I seem to get a “No TXT record found at _acme-challenge..no”. It seems at least the API keys work and that the Certbot gets access to my account. Not sure why, but the challenge seems to run two times. Output from log below:

Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for <my domain>.no
dns-01 challenge for <my domain>.no
Unsafe permissions on credentials configuration file: /config/dns-conf/domeneshop.ini
Waiting 60 seconds for DNS changes to propagate
Waiting for verification...
Challenge failed for domain <my domain>.no
Challenge failed for domain <my domain>.no
dns-01 challenge for <my domain>.no
dns-01 challenge for <my domain>.no
Cleaning up challenges
Some challenges have failed.
 - The following errors were reported by the server:

   Domain: <my domain>.no
   Type:   unauthorized
   Detail: No TXT record found at _acme-challenge.<my domain>.no

   Domain: <my domain>.no
   Type:   unauthorized
   Detail: No TXT record found at _acme-challenge.<my domain>.no

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I guess it can be an issue with the Domeneshop plugin, but just thought I would check here in case I missed something. This is the docker compose file I used:

version: '2'
services:
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Oslo
      - URL=<my domain>.no
      - SUBDOMAINS=wildcard
      - VALIDATION=dns
      - DNSPLUGIN=domeneshop
      - EMAIL=<my email>
      - DHLEVEL=4096
    ports:
      - 443:443
    volumes:
      - /home/<min bruker>/appdata/letsencrypt/config:/config
    restart: unless-stopped

Challenge will run twice, that’s normal. First one is for the naked domain and the second is for *.domain.com

First of all, make sure you set STAGING=true otherwise you’ll get throttled by letsencrypt while testing. The cert won’t be valid, but once you confirm you can get a cert, then you can remove the staging and recreate and you’ll get the valid cert.

While it’s doing the validation, open your domeneshop gui and see if the TXT records are being created. You might have to keep refreshing during the 60 sec wait period. If they are created, then you know the api keys and connection are working fine.

The next check would be to check the dns records as slow propagation may be another issue. Try manually adding a txt record to your dns. And then check it on https://dnschecker.org (select TXT). And see how long it takes for it to show up on the dns servers around the world.

I use cloudflare and any change I make on there gets propagated almost instantly (that’s because cloudflare is huge and they are easily one of the largest dns providers). For other providers, it may take longer. If it takes longer than 60 seconds, then we may need to adjust the timeout.
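The propagation check described in the reply above can also be scripted. This is an added example, not code from the thread or from the linuxserver image: it asks every authoritative nameserver for the zone how many TXT records it serves at `_acme-challenge.<zone>`, which is the name used for both the naked domain and the wildcard. The function names are hypothetical, and it assumes `dig` is installed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes `dig` is installed.
# DIG can be overridden with a stub command for offline testing.
DIG="${DIG:-dig}"

# Authoritative nameservers for a zone, one per line, trailing dot removed.
auth_nameservers() {
    "$DIG" +short NS "$1" | sed 's/\.$//'
}

# Number of TXT records one nameserver serves for _acme-challenge.<zone>.
txt_count() {
    "$DIG" +short TXT "_acme-challenge.$1" "@$2" |
        awk 'NF { n++ } END { print n + 0 }'
}

# Succeeds only if every authoritative nameserver serves at least <want>
# records. A certificate for <zone> plus *.<zone> needs two records at the
# same name, so <want> defaults to 2.
challenge_visible() {
    zone=$1 want=${2:-2} missing=0
    servers=$(auth_nameservers "$zone")
    if [ -z "$servers" ]; then
        echo "no NS records found for $zone" >&2
        return 2
    fi
    for ns in $servers; do
        n=$(txt_count "$zone" "$ns")
        echo "$ns: $n of $want TXT record(s)"
        if [ "$n" -lt "$want" ]; then missing=$((missing + 1)); fi
    done
    [ "$missing" -eq 0 ]
}

# Poll until the records are visible everywhere; print the seconds waited,
# or fail once <timeout> seconds have passed without success.
wait_for_challenge() {
    zone=$1 want=${2:-2} timeout=${3:-300} interval=${4:-10} elapsed=0
    while ! challenge_visible "$zone" "$want" >/dev/null; do
        if [ "$elapsed" -ge "$timeout" ]; then return 1; fi
        sleep "$interval"
        elapsed=$((elapsed + interval))
    done
    echo "$elapsed"
}
```

Source the file and run `wait_for_challenge <zone>` while the container is in its 60-second wait, or against a manually added TXT record with `wait_for_challenge <zone> 1`; the number printed is roughly how long the provider took to publish on all of its nameservers.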

Many thanks for the clarification and the tips!! It is working now! But in which directory can I actually find the certificates that have been generated?

The directions say where they are…