DNS domain authorization fails

krove · April 9, 2018, 6:41pm

Hello

I just downloaded the latest test version of v4, but I’ve run into a problem requesting a certificate, using dns Authorization.

My provider is Azure, and I’ve setup a API provider for my Azure subscription. I believe that it’s setup correctly, because I can see that it creates a txt record for the domain.

When I try to request a certificate I get the following error:
2018-04-09 19:27:53.889 +02:00 [INF] Beginning Certificate Request Process: sts.contoso.com using ACME Provider:Certes
2018-04-09 19:27:53.889 +02:00 [INF] Registering Domain Identifiers
2018-04-09 19:27:55.327 +02:00 [INF] Created ACME Order Certes.Acme.OrderContext
2018-04-09 19:27:55.327 +02:00 [VRB] Fetching Authorizations.
2018-04-09 19:27:55.725 +02:00 [VRB] Fetching Authz Challenges.
2018-04-09 19:27:57.305 +02:00 [INF] Got http-01 challenge Certes.Acme.Resource.Challenge
2018-04-09 19:27:58.102 +02:00 [INF] Got dns-01 challenge Certes.Acme.Resource.Challenge
2018-04-09 19:27:58.102 +02:00 [INF] Attempting Domain Validation: sts.contoso.com
2018-04-09 19:27:58.102 +02:00 [INF] Registering and Validating sts.contoso.com
2018-04-09 19:27:58.102 +02:00 [INF] Performing Challenge Response via IIS: sts.contoso.com
2018-04-09 19:28:04.419 +02:00 [INF] DNS updated OK : DNS TXT Record Created: _acme-challenge.sts.contoso.com with value: EO9Vs1OQLC48Q3G2oikWmr1AZJKn_qNjSPOnDP1s4Dw
2018-04-09 19:28:04.419 +02:00 [INF] Requesting Validation from Let’s Encrypt: sts.contoso.com
2018-04-09 19:28:51.217 +02:00 [INF] Domain validation failed: sts.contoso.com
DNS problem: NXDOMAIN looking up TXT for _acme-challenge.sts.contoso.com BadRequest urn:ietf:params:acme:error:connection
2018-04-09 19:28:54.061 +02:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: sts.contoso.com
DNS problem: NXDOMAIN looking up TXT for _acme-challenge.sts.contoso.com BadRequest urn:ietf:params:acme:error:connection
2018-04-09 19:28:54.061 +02:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: sts.contoso.com
DNS problem: NXDOMAIN looking up TXT for _acme-challenge.sts.contoso.com BadRequest urn:ietf:params:acme:error:connection

I believe it may have something to do with, the validation is done before the record is visible in dns, and there for fails the validation.

Also is there any way to switch to Staging server, it’s difficult to test on the live server, as I keep running into the rate-limiter.

webprofusion · April 9, 2018, 11:42pm

Hi, in my own testing I found that azure gave you 3 nameservers as part of your config, but the 3rd one appeared to be very slow to sync changes, so I just used the first 2 for my domain.

We currently wait 30s before proceeding but I think we need to make it provider specific and possibly configurable.

There is no way to switch to staging currently, although if you’re feeling brave you can build a debug build from github, and that uses staging.