Renewal Failures

baxing · August 30, 2022, 5:53am

Hello Support,

I have problem about auto renew fail and then I cllick button “Request Cetificate” it give save ploblem.
I tested it to the limit times. and have let it go for days.

And now I capute image show you about message failure :

And below is Log text of for the last 2-3 days

2022-08-29 06:18:32.028 +07:00 [INF] ---- Beginning Request [aimer-stock] ----
2022-08-29 06:18:32.028 +07:00 [INF] Certify/5.6.8.0 (Windows; Microsoft Windows NT 10.0.17763.0) 
2022-08-29 06:18:32.035 +07:00 [INF] Beginning Certificate Request Process: aimer-stock using ACME Provider:Certes
2022-08-29 06:18:32.035 +07:00 [INF] Requested identifiers to include on certificate: aimer-stock.com;*.aimer-stock.com
2022-08-29 06:18:32.036 +07:00 [INF] Beginning certificate order for requested domains
2022-08-29 06:18:33.023 +07:00 [INF] BeginCertificateOrder: creating/retrieving order. Retries remaining:2 
2022-08-29 06:18:34.801 +07:00 [INF] Created ACME Order: https://acme-v02.api.letsencrypt.org/acme/order/630024406/120456408257
2022-08-29 06:18:35.305 +07:00 [INF] Fetching Authorizations.
2022-08-29 06:18:37.272 +07:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/147242034467/R3jquA
2022-08-29 06:18:38.254 +07:00 [INF] Got http-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/147242034477/wj1OXg
2022-08-29 06:18:38.744 +07:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/147242034477/fI2UTQ
2022-08-29 06:18:38.745 +07:00 [INF] Attempting Domain Validation: aimer-stock.com
2022-08-29 06:18:38.745 +07:00 [INF] Registering and Validating aimer-stock.com 
2022-08-29 06:18:38.746 +07:00 [INF] Preparing automated challenge responses (aimer-stock.com)
2022-08-29 06:18:38.751 +07:00 [INF] DNS: Challenge Delegation Domain enabled, using _acme-challenge.aimer-stock.com in place of _acme-challenge.aimer-stock.com.
2022-08-29 06:18:38.751 +07:00 [INF] DNS: Creating TXT Record '_acme-challenge.aimer-stock.com' with value 'uK4MUvbyGtEdQnrtW5-oTJtRANxqkbVZuZzmK-XapNM', in Zone Id '' using API provider 'Certify DNS'
2022-08-29 06:18:48.558 +07:00 [INF] DNS: Certify DNS :: Updated: _acme-challenge.aimer-stock.com :: d87168e8-fd47-4977-b238-bae86f17f22f.c-5d20.tx.auth.certifytheweb.com
2022-08-29 06:18:48.560 +07:00 [INF] Requesting Validation: aimer-stock.com
2022-08-29 06:18:48.561 +07:00 [INF] Attempting Domain Validation: *.aimer-stock.com
2022-08-29 06:18:48.561 +07:00 [INF] Registering and Validating *.aimer-stock.com 
2022-08-29 06:18:48.561 +07:00 [INF] Preparing automated challenge responses (*.aimer-stock.com)
2022-08-29 06:18:48.571 +07:00 [INF] DNS: Challenge Delegation Domain enabled, using _acme-challenge.aimer-stock.com in place of _acme-challenge.aimer-stock.com.
2022-08-29 06:18:48.572 +07:00 [INF] DNS: Creating TXT Record '_acme-challenge.aimer-stock.com' with value 'HfW1s7OFdoFkpbvqkizgS7_woKlqLsYRmteIG1TCaxE', in Zone Id '' using API provider 'Certify DNS'
2022-08-29 06:18:49.954 +07:00 [INF] DNS: Certify DNS :: Updated: _acme-challenge.aimer-stock.com :: d87168e8-fd47-4977-b238-bae86f17f22f.c-5d20.tx.auth.certifytheweb.com
2022-08-29 06:18:49.956 +07:00 [INF] Requesting Validation: *.aimer-stock.com
2022-08-29 06:18:55.992 +07:00 [INF] Attempting Challenge Response Validation for Domain: aimer-stock.com
2022-08-29 06:18:55.993 +07:00 [INF] Registering and Validating aimer-stock.com 
2022-08-29 06:18:55.993 +07:00 [INF] Checking automated challenge response for Domain: aimer-stock.com
2022-08-29 06:18:57.463 +07:00 [INF] Domain validation failed: aimer-stock.com 
Incorrect TXT record "fcfd8979-d7c5-4c85-9a25-984c6ab72108.c-5d20.tx.auth.certifytheweb.com." found at _acme-challenge.aimer-stock.com Forbidden urn:ietf:params:acme:error:unauthorized
2022-08-29 06:18:58.632 +07:00 [INF] DNS: Challenge Delegation Domain enabled, using _acme-challenge.aimer-stock.com in place of _acme-challenge.aimer-stock.com.
2022-08-29 06:18:58.632 +07:00 [INF] DNS: Deleting TXT Record '_acme-challenge.aimer-stock.com', in Zone Id '' using API provider 'Certify DNS'
2022-08-29 06:18:58.632 +07:00 [INF] Attempting Challenge Response Validation for Domain: *.aimer-stock.com
2022-08-29 06:18:58.633 +07:00 [INF] Registering and Validating *.aimer-stock.com 
2022-08-29 06:18:58.633 +07:00 [INF] Checking automated challenge response for Domain: *.aimer-stock.com
2022-08-29 06:19:00.104 +07:00 [INF] Domain validation failed: *.aimer-stock.com 
Incorrect TXT record "fcfd8979-d7c5-4c85-9a25-984c6ab72108.c-5d20.tx.auth.certifytheweb.com." found at _acme-challenge.aimer-stock.com Forbidden urn:ietf:params:acme:error:unauthorized
2022-08-29 06:19:01.188 +07:00 [INF] DNS: Challenge Delegation Domain enabled, using _acme-challenge.aimer-stock.com in place of _acme-challenge.aimer-stock.com.
2022-08-29 06:19:01.188 +07:00 [INF] DNS: Deleting TXT Record '_acme-challenge.aimer-stock.com', in Zone Id '' using API provider 'Certify DNS'
2022-08-29 06:19:02.274 +07:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: *.aimer-stock.com 
Incorrect TXT record "fcfd8979-d7c5-4c85-9a25-984c6ab72108.c-5d20.tx.auth.certifytheweb.com." found at _acme-challenge.aimer-stock.com Forbidden urn:ietf:params:acme:error:unauthorized
2022-08-29 06:19:02.274 +07:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: *.aimer-stock.com 
Incorrect TXT record "fcfd8979-d7c5-4c85-9a25-984c6ab72108.c-5d20.tx.auth.certifytheweb.com." found at _acme-challenge.aimer-stock.com Forbidden urn:ietf:params:acme:error:unauthorized
2022-08-29 06:19:02.274 +07:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: *.aimer-stock.com 
Incorrect TXT record "fcfd8979-d7c5-4c85-9a25-984c6ab72108.c-5d20.tx.auth.certifytheweb.com." found at _acme-challenge.aimer-stock.com Forbidden urn:ietf:params:acme:error:unauthorized
2022-08-29 07:18:32.081 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 08:18:32.119 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 09:18:32.162 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 10:18:32.215 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 11:18:32.259 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 12:18:32.280 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 13:18:32.322 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 14:18:32.377 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 15:18:32.414 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 16:18:32.474 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 17:18:32.510 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 18:18:32.564 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 19:18:32.612 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 20:18:32.661 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 21:18:32.705 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 22:18:32.752 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-29 23:18:32.796 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-30 00:18:32.830 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-30 01:18:32.912 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-30 02:18:32.931 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-30 03:18:32.969 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-30 04:18:33.026 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-30 05:18:33.059 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-30 06:18:33.123 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-30 07:18:33.151 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-30 08:18:33.181 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-30 09:18:33.229 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-30 10:18:33.268 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-30 11:18:33.316 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.
2022-08-30 12:18:33.359 +07:00 [INF] Previous renewals failed: 62. Renewal will be attempted within 48hrs.

This image is my setup

Please help me to solve this my problem.

webprofusion · August 30, 2022, 9:41am

Hi,

You are using Certify DNS which requires you to create a CNAME record in DNS, you have created a TXT record instead.

Delete the _acme-challenge record and create a CNAME record called _acme-challenge with the value fcfd8979-d7c5-4c85-9a25-984c6ab72108.c-5d20.tx.auth.certifytheweb.com - this makes it so that when Let’s Encrypt check _acme-challenge.aimer-stock.com for a TXT record it gets redirected to our Certify DNS service.

You also don’t need to set the CNAME delegation rule, that’s just a special value for when your domain won’t match the DNS zone you are updating.

baxing · August 30, 2022, 11:34am

Hi,

Now, I deleted the _acme-challenge CNAME record in DNS and created a _acme-challenge TXT record with value fcfd8979-d7c5-4c85-9a25-984c6ab72108.c-5d20.tx.auth.certifytheweb.com already. and I click button “request certificate” but the operation was unsuccessful.

Below are error messag and log. Please guide me again.

2022-08-30 18:25:25.221 +07:00 [INF] ---- Beginning Request [aimer-stock] ----
2022-08-30 18:25:25.227 +07:00 [INF] Certify/5.6.8.0 (Windows; Microsoft Windows NT 10.0.17763.0) 
2022-08-30 18:25:25.232 +07:00 [INF] Beginning Certificate Request Process: aimer-stock using ACME Provider:Certes
2022-08-30 18:25:25.232 +07:00 [INF] Requested identifiers to include on certificate: aimer-stock.com;*.aimer-stock.com
2022-08-30 18:25:25.232 +07:00 [INF] Beginning certificate order for requested domains
2022-08-30 18:25:26.848 +07:00 [INF] BeginCertificateOrder: creating/retrieving order. Retries remaining:2 
2022-08-30 18:25:29.666 +07:00 [INF] Created ACME Order: https://acme-v02.api.letsencrypt.org/acme/order/630024406/120913195197
2022-08-30 18:25:30.447 +07:00 [INF] Fetching Authorizations.
2022-08-30 18:25:33.555 +07:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/147794859717/BGXv-g
2022-08-30 18:25:35.105 +07:00 [INF] Got http-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/147794859727/J66-3Q
2022-08-30 18:25:35.879 +07:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/147794859727/7vi7_g
2022-08-30 18:25:35.879 +07:00 [INF] Attempting Domain Validation: aimer-stock.com
2022-08-30 18:25:35.879 +07:00 [INF] Registering and Validating aimer-stock.com 
2022-08-30 18:25:35.879 +07:00 [INF] Preparing automated challenge responses (aimer-stock.com)
2022-08-30 18:25:35.886 +07:00 [INF] DNS: Challenge Delegation Domain enabled, using _acme-challenge.aimer-stock.com in place of _acme-challenge.aimer-stock.com.
2022-08-30 18:25:35.886 +07:00 [INF] DNS: Creating TXT Record '_acme-challenge.aimer-stock.com' with value 'avwx-0mafddZ2-H9Omfvnp5j8IXJhIN-Jr_fjqM5QDs', in Zone Id '' using API provider 'Certify DNS'
2022-08-30 18:25:38.635 +07:00 [INF] DNS: Certify DNS :: Updated: _acme-challenge.aimer-stock.com :: d87168e8-fd47-4977-b238-bae86f17f22f.c-5d20.tx.auth.certifytheweb.com
2022-08-30 18:25:38.635 +07:00 [INF] Requesting Validation: aimer-stock.com
2022-08-30 18:25:38.635 +07:00 [INF] Attempting Domain Validation: *.aimer-stock.com
2022-08-30 18:25:38.636 +07:00 [INF] Registering and Validating *.aimer-stock.com 
2022-08-30 18:25:38.641 +07:00 [INF] Preparing automated challenge responses (*.aimer-stock.com)
2022-08-30 18:25:38.645 +07:00 [INF] DNS: Challenge Delegation Domain enabled, using _acme-challenge.aimer-stock.com in place of _acme-challenge.aimer-stock.com.
2022-08-30 18:25:38.645 +07:00 [INF] DNS: Creating TXT Record '_acme-challenge.aimer-stock.com' with value 't12ZWau5gxqKce8T5F79jeh48JquqL9QWAcH7nHlqc4', in Zone Id '' using API provider 'Certify DNS'
2022-08-30 18:25:40.100 +07:00 [INF] DNS: Certify DNS :: Updated: _acme-challenge.aimer-stock.com :: d87168e8-fd47-4977-b238-bae86f17f22f.c-5d20.tx.auth.certifytheweb.com
2022-08-30 18:25:40.102 +07:00 [INF] Requesting Validation: *.aimer-stock.com
2022-08-30 18:25:46.133 +07:00 [INF] Attempting Challenge Response Validation for Domain: aimer-stock.com
2022-08-30 18:25:46.134 +07:00 [INF] Registering and Validating aimer-stock.com 
2022-08-30 18:25:46.134 +07:00 [INF] Checking automated challenge response for Domain: aimer-stock.com
2022-08-30 18:25:48.494 +07:00 [INF] Domain validation failed: aimer-stock.com 
Incorrect TXT record "du72eDXuwachlY4TaLC8CEcnPS14Jul8JcyA1QsUbZA" found at _acme-challenge.aimer-stock.com Forbidden urn:ietf:params:acme:error:unauthorized
2022-08-30 18:25:49.625 +07:00 [INF] DNS: Challenge Delegation Domain enabled, using _acme-challenge.aimer-stock.com in place of _acme-challenge.aimer-stock.com.
2022-08-30 18:25:49.625 +07:00 [INF] DNS: Deleting TXT Record '_acme-challenge.aimer-stock.com', in Zone Id '' using API provider 'Certify DNS'
2022-08-30 18:25:49.627 +07:00 [INF] Attempting Challenge Response Validation for Domain: *.aimer-stock.com
2022-08-30 18:25:49.627 +07:00 [INF] Registering and Validating *.aimer-stock.com 
2022-08-30 18:25:49.627 +07:00 [INF] Checking automated challenge response for Domain: *.aimer-stock.com
2022-08-30 18:25:54.542 +07:00 [INF] Domain validation failed: *.aimer-stock.com 
Incorrect TXT record "du72eDXuwachlY4TaLC8CEcnPS14Jul8JcyA1QsUbZA" found at _acme-challenge.aimer-stock.com Forbidden urn:ietf:params:acme:error:unauthorized
2022-08-30 18:25:55.633 +07:00 [INF] DNS: Challenge Delegation Domain enabled, using _acme-challenge.aimer-stock.com in place of _acme-challenge.aimer-stock.com.
2022-08-30 18:25:55.633 +07:00 [INF] DNS: Deleting TXT Record '_acme-challenge.aimer-stock.com', in Zone Id '' using API provider 'Certify DNS'
2022-08-30 18:25:56.728 +07:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: *.aimer-stock.com 
Incorrect TXT record "du72eDXuwachlY4TaLC8CEcnPS14Jul8JcyA1QsUbZA" found at _acme-challenge.aimer-stock.com Forbidden urn:ietf:params:acme:error:unauthorized
2022-08-30 18:25:56.728 +07:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: *.aimer-stock.com 
Incorrect TXT record "du72eDXuwachlY4TaLC8CEcnPS14Jul8JcyA1QsUbZA" found at _acme-challenge.aimer-stock.com Forbidden urn:ietf:params:acme:error:unauthorized
2022-08-30 18:25:56.728 +07:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: *.aimer-stock.com 
Incorrect TXT record "du72eDXuwachlY4TaLC8CEcnPS14Jul8JcyA1QsUbZA" found at _acme-challenge.aimer-stock.com Forbidden urn:ietf:params:acme:error:unauthorized

Thank you

webprofusion · August 30, 2022, 1:19pm

Hi, for some reason your Certify DNS CNAME has changed between your last log file and this one. The new log file is expecting your CNAME to point to d87168e8-fd47-4977-b238-bae86f17f22f.c-5d20.tx.auth.certifytheweb.com, so try updating your CNAME in name to point to the new location.

This is unusual though, I can’t understand why you would suddenly have a new Certify DNS registration (new CNAME value).

baxing · August 30, 2022, 3:50pm

Hi,

After edit value of CNAME to d87168e8-fd47-4977-b238-bae86f17f22f.c-5d20.tx.auth.certifytheweb.com
, it succeeded. great++

I’m not sure if I’m doing anything wrong. Please advise. In order not to cause problems again in the next auto renew.

Previously, when I first set it up, it succeeded in getting the certificate, and after the first auto renew period, it got an error. So I looked for a solution but couldn’t. So I’ve come to ask you a question here.

Thank you very much for solving the problem for me.