Certificate renewal

I’m trying to renew some certs that I’m hosting on a VM but get the following:

2023-09-20 15:04:21.233 +00:00 [INF] Submitting challenge for validation: Example.com [dns]
2023-09-20 15:04:27.177 +00:00 [ERR] [Progress] Validation failed: Example.com [dns]
Response from Certificate Authority: No TXT record found at _acme-challenge.Example.com [Forbidden :: urn:ietf:params:acme:error:unauthorized]
2023-09-20 15:04:28.485 +00:00 [INF] DNS: Deleting TXT Record ‘_acme-challenge.Example.com’ :‘FVr9ZEo9BzMsPljtgEdj0gx2MSwumyvzVlf0Ox7Or9g’, [Example.com] using API provider ‘acme-dns DNS API’
2023-09-20 15:04:28.487 +00:00 [ERR] Validation of the required challenges did not complete successfully. Validation failed: Example.com [dns]
Response from Certificate Authority: No TXT record found at _acme-challenge.Example.com[Forbidden :: urn:ietf:params:acme:error:unauthorized]

What could be the issue?

The challenge token (FVr9ZEo9BzMsPljtgEdj0gx2MSwumyvzVlf0Ox7Or9g) has not been added to your DNS TXT record… Also, do you own the domain “example.com”? This will never work if you don’t have control of the domain.

Sorry, we can’t diagnose without knowing your domain or a full unedited log file. If you are a licensed customer you can send supporting information through to support {at} certifytheweb.com

Alternatively if you can share your domain name here I can check the basics. We’d also need to know which DNS provider you are trying to use and what you’ve done so far.

Included

2023-09-20 15:04:27.177 +00:00 [ERR] [Progress] Validation failed: demo.platformmanager.com [dns]
Response from Certificate Authority: No TXT record found at _acme-challenge.demo.platformmanager.com [Forbidden :: urn:ietf:params:acme:error:unauthorized]
2023-09-20 15:04:28.485 +00:00 [INF] DNS: Deleting TXT Record ‘_acme-challenge.demo.platformmanager.com’ :‘FVr9ZEo9BzMsPljtgEdj0gx2MSwumyvzVlf0Ox7Or9g’, [demo.platformmanager.com] using API provider ‘acme-dns DNS API’
2023-09-20 15:04:28.487 +00:00 [ERR] Validation of the required challenges did not complete successfully. Validation failed: demo.platformmanager.com [dns]
Response from Certificate Authority: No TXT record found at _acme-challenge.demo.platformmanager.com [Forbidden :: urn:ietf:params:acme:error:unauthorized]

Thanks, your _acme-challenge.demo TXT record in DNS is currently a TXT record but it looks like it should be a CNAME record pointing to the acme-dns service.

If you intend to use acme-dns, delete the _acme-challenge.demo TXT record and instead add a CNAME record pointing to 0a482a7b-353a-4bbb-9c2f-fe4e94d638e4.auth.acme-dns.io - note that the acme-dns system is a 3rd party service and we do not control that, our app just works with it.

Hi Webprofusion,

Thanks for the info. Could you please advise me where to do this?

Thanks in advance.

Hi,

DNS record changes are edits you make either with your domain registrar or whoever hosts your DNS. Looking at your domain I think your DNS is managed with Cloudflare, so you would log in to that control panel and edit the DNS records there.

Note that Certify supports Cloudflare updates directly, so there’s no real need to be using acme-dns as you could use the Cloudflare API instead of acme-dns (in your Certify managed certificate, under Authorization > Dns). Cloudflare DNS | Certify The Web Docs - you can however just use acme-dns instead if you want to, but to do that you need to make the aforementioned edit to your DNS.
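
The record check described in the replies above, as an added example that is not part of the original thread or of Certify The Web's code: it follows the CNAME chain from the `_acme-challenge` name and reports whether validation is actually delegated to the acme-dns subdomain. The `BROKEN` and `FIXED` record sets are constructed sample data, and `diagnose` and its status strings are hypothetical names.

```python
# Added example: offline pre-flight check for a DNS-01 challenge delegated to acme-dns.
ACME_DNS_TARGET = "0a482a7b-353a-4bbb-9c2f-fe4e94d638e4.auth.acme-dns.io"  # from the thread
TOKEN = "FVr9ZEo9BzMsPljtgEdj0gx2MSwumyvzVlf0Ox7Or9g"  # TXT value from the log
CHALLENGE = "_acme-challenge.demo.platformmanager.com"

# Constructed record sets (not live DNS answers): {(name, type): [values]}
BROKEN = {(CHALLENGE, "TXT"): ["constructed-stale-value"]}
FIXED = {
    (CHALLENGE, "CNAME"): [ACME_DNS_TARGET + "."],
    (ACME_DNS_TARGET, "TXT"): [TOKEN],
}

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def diagnose(domain, records, expected_target, expected_txt=None, max_hops=8):
    """Follow CNAMEs from _acme-challenge.<domain>; return (status, final_name)."""
    name = norm("_acme-challenge." + domain)
    target = norm(expected_target)
    hops = 0
    while (name, "CNAME") in records:
        hops += 1
        if hops > max_hops:
            return ("cname_loop", name)
        name = norm(records[(name, "CNAME")][0])
    txt = records.get((name, "TXT"), [])
    if name != target:
        if hops:
            return ("wrong_cname_target", name)
        # No CNAME at all: a static TXT here is what the CA reads instead of acme-dns.
        return ("static_txt_instead_of_cname" if txt else "no_delegation", name)
    if expected_txt is not None and expected_txt not in txt:
        return ("delegated_but_token_missing", name)
    return ("ok", name)

if __name__ == "__main__":
    for label, zone in (("before", BROKEN), ("after", FIXED)):
        print(label, diagnose("demo.platformmanager.com", zone, ACME_DNS_TARGET, TOKEN))
```

To run it against live DNS, build the `records` dictionary from real CNAME and TXT lookups of the names involved before calling `diagnose`.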