DNS Config missing after update

Updated today and tried to renew my cert afterwards, only to find all my DNS info wiped out.

I can't actually even seem to update it because, even though Web Central is one of the biggest, if not the biggest, registrar in Australia, it's not in the list???

How can I go back to the older version???

Thanks, can you provide a little more information?

As Web Central is not one of our supported providers you couldn’t have had saved DNS information in Certify The Web, so what DNS information has “been wiped out”?

One thing to be aware of is that Stored Credentials are encrypted using the service account user, which by default is Local System. If you have changed the user that the service runs as (we would strongly advise against doing that) then you need to re-apply that after every app update is installed.

You’re right, I didn’t have that saved, I was just trying to set it up with the new settings.

I was pretty miffed that this wasn’t working all of a sudden after years of working flawlessly. Sorry for being so abrupt. (BTW nothing was changed on my side, except for allowing Certify to be updated)

I was using the ACME DNS validation, which had been working fine for the last couple of years.

Anyway, it seems that wildcards are now supported. So I’ve just started again.

When I first set up Certify, I can't remember why, but this wasn't available and I had to have a SAN cert with all sub domains added to the single cert.

So now I have added _acme-challenge.mydomain.com.au as a TXT record with the registrar. But I still can't create a cert:

DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mydomain.com.au - check that a DNS record exists for this domain BadRequest urn:ietf:params:acme:error:dns

Yet if I use something like MXtoolbox to check the TXT record, it's there.

So does DNS challenge not work anymore? Or wildcards are not actually supported?

EDIT!!!

I think I may have found the issue, I was using HTTP, not DNS. It has been years since I did this.

But still does not explain why DNS doesn’t work after adding the TXT record?


If you are setting up acme-dns with a new managed certificate you will need to change your CNAME in DNS to point to the new acme-dns registration.

Wildcards have always been supported for DNS validation, it’s one of the main reasons to use DNS validation instead of http validation.

Thanks for getting back.

I found the doco you have for this a little confusing, but I actually found a Reddit post of yours explaining this with an example that made it clear which part of the logs I should be looking at.

Hi, I'm the developer of Certify The Web, let me know if you have questions. v5 added a bunch of DNS providers but not eNom unfortunately.


I noticed you were using acme-dns (which is a better approach than updating your DNS directly, from a least-privilege point of view). With that you create an _acme-challenge record in your DNS and point it to the CNAME that the first request tells you to, so in your case you point a CNAME called _acme-challenge.app.clientdomain.ca (or whatever your domain is) to 8c4eb85e-4396-490f-a1be-014db5a09236.auth.acme-dns.io

After that all updates and renewals are automatic.

So that worked for me, thanks 🙂

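The delegation check that the posts above describe, as an added example that is not part of the original thread and not Certify The Web's own code: for each name on a certificate it works out the `_acme-challenge` record and reports whether its CNAME is missing, points at the current acme-dns registration, or still points at an old one. The domain names, registration ids and zone contents are constructed, `lookup` stands in for a real DNS CNAME query, and it is assumed that one acme-dns registration covers every name on the certificate.

```python
# Added example: audit the acme-dns CNAME delegation for the names on a certificate.
# All names, ids and zone data are constructed; `lookup` is a stand-in for a resolver.

def challenge_name(identifier: str) -> str:
    """dns-01 validation name; a wildcard shares the record of its base domain."""
    name = identifier.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return "_acme-challenge." + name

def audit_delegation(identifiers, registration_fulldomain, lookup):
    """Return {challenge_name: status} for the names on one managed certificate.

    lookup(name) returns the CNAME target as a string, or None when the name
    has no CNAME record (the case that shows up as NXDOMAIN during validation).
    """
    expected = registration_fulldomain.lower().rstrip(".")
    results = {}
    for ident in identifiers:
        record = challenge_name(ident)
        if record in results:
            continue  # *.example.com and example.com use the same record
        target = lookup(record)
        if target is None:
            results[record] = "missing"
        elif target.lower().rstrip(".") == expected:
            results[record] = "ok"
        else:
            # Typical after creating a new registration without updating DNS.
            results[record] = "stale: points to " + target
    return results

# Constructed sample zone: one correct CNAME, one left over from an old registration.
SAMPLE_ZONE = {
    "_acme-challenge.example.com": "11111111-aaaa-bbbb-cccc-000000000001.auth.acme-dns.io.",
    "_acme-challenge.app.example.com": "99999999-aaaa-bbbb-cccc-00000000000f.auth.acme-dns.io",
}
CURRENT_REGISTRATION = "11111111-aaaa-bbbb-cccc-000000000001.auth.acme-dns.io"

def run_sample():
    names = ["*.example.com", "example.com", "app.example.com", "mail.example.com"]
    return audit_delegation(names, CURRENT_REGISTRATION, SAMPLE_ZONE.get)

if __name__ == "__main__":
    for record, status in run_sample().items():
        print(f"{record}: {status}")
```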