I am new to certify the web. I test the wildcard cert I am trying to get and it passes using the dns-01 challenge type. The challenge updates the DNS TXT records, but after the paused period, it fails with this error. (subbed aaa for URL)
2021-08-31 14:27:57.003 -05:00 [INF] Domain validation failed: *.aaa.net
DNS problem: NXDOMAIN looking up TXT for _acme-challenge.aaa.net - check that a DNS record exists for this domain BadRequest urn:ietf:params:acme:error:dns
Any help is appreciated.
Hi, can I check which DNS provider you are using and confirm that aaa.net is your actual domain name? I can confirm that _acme-challenge.aaa.net doesn’t currently appear to point to a TXT record.
aaa.net is a dummy. I logged into the DNS provider console and see the TXT entries created by the process. They are also deleted by the process after the failure.
Ok, if you can’t share your real domain I can’t check it for you. If you have a license key you can email support at certifytheweb.com with your domain info and we can check it privately.
If you are using a particular DNS API, please specify which one.
If you are scripting your own DNS updates please note that you need to wait for all of your domains nameservers to propagate the changes before proceeding with validation. The UI has an option for Propagation (Seconds) so you can specify an extra wait time. If you are scripting your own update you should also ensure the record is not being inserted with an extra domain on the end e.g. inserting _acme-challenge.aaa.net on some DNS systems will resolve as _acme-challenge.aaa.net.aaa.net
Could you manually create an TXT record named _acme-challengetest with the value “hello” in your DNS domain? That way I can check that the value is visible from here.
Also, please double check that the zoneID in the configuration is set correctly, otherwise it could be updating the wrong DNS zone.
This has been completed.
I can confirm that TXT record is not visible at all. Your domain nameserver appears to be ns1.hostgator.com. can you confirm this is expected? If not you need to update your domain nameservers with the registrar, it doesn’t sound like it’s related to DNS Made Easy to me.