A post was split to a new topic: Certify as a replacement for Certbot
As I feared, here it is about 3 months later and I get a dreaded e-mail stating that my renewals are failing.
When I first set this up anew in November, the âtestâ button produced successful results. Now it fails with a âfailed to create DNS recordâ and something about that my domain is not managed by this account. Why did this break?
Details:
Certify SSL Manager - Renewal Failure Notice - ampexperts [www.ampexperts.com]
The SSL Certificate renewal has failed 9 times for the managed site ampexperts [www.ampexperts.com] on server AAM-SERVER. Please either check the configuration of this site or if you no longer require this certificate you can disable Auto Renew for this in the Certify SSL Manager app, on your web server."
âNameCheap DNS API (Deprecated) :: Failed to create DNS record _acme-challenge-test.www.ampexperts.com: Domain www.ampexperts.com is not managed by this account!â
I think I found the problem. Although dynamic DNS updates the A records, it doesnât update the API access at my domain provider. My IP address changed this week after an overnight outage. I tried adding the new IP to the whitelist at my DNSâs API page and that seems to have corrected the problem.
EDIT: It looks like I spoke too soon. Two domains are still kicking back an error.
</ApiResponse>
at Certify.Providers.DNS.NameCheap.DnsProviderNameCheap.<InvokeApiAsync>d__40.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Providers.DNS.NameCheap.DnsProviderNameCheap.<InvokeGetApiAsync>d__39.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Providers.DNS.NameCheap.DnsProviderNameCheap.<GetZonesBatchAsync>d__36.MoveNext()
2022-02-24 10:18:11.606 -05:00 [ERR] DNS update failed: NameCheap DNS API :: Failed to create DNS record _acme-challenge.www.ampexperts.com: Domain www.ampexperts.com is not managed by this account!
2022-02-24 10:18:11.606 -05:00 [INF] Requesting Validation: www.ampexperts.com
2022-02-24 10:18:11.606 -05:00 [INF] Attempting Domain Validation: ampexperts.com
2022-02-24 10:18:11.606 -05:00 [INF] Registering and Validating ampexperts.com
2022-02-24 10:18:11.606 -05:00 [INF] Preparing automated challenge responses (ampexperts.com)
2022-02-24 10:18:11.606 -05:00 [INF] DNS: Creating TXT Record '_acme-challenge.ampexperts.com' with value 'jKTyfBGuNa689psTj_PE1oXn4N5EeIfRB3VZGOpN80Y', in Zone Id '' using API provider 'NameCheap DNS API'
2022-02-24 10:18:11.840 -05:00 [ERR] Failed to get a batch of domain zones.
System.Exception: NameCheap API method https://api.namecheap.com/xml.response?Page=1&PageSize=100&SortBy=NAME&ApiUser=Basspig&ApiKey=e4f57028102543fcb31ad549a9c16dcc&UserName=Basspig&Command=namecheap.domains.getList&ClientIp=24.151.102.80 returned an error status 'ERROR':
<?xml version="1.0" encoding="utf-8"?>
<ApiResponse Status="ERROR" xmlns="http://api.namecheap.com/xml.response">
<Errors>
<Error Number="1011150">Invalid request IP: 68.114.83.217</Error>
</Errors>
<Warnings />
<RequestedCommand />
<Server>PHX01APIEXT11</Server>
<GMTTimeDifference>--5:00</GMTTimeDifference>
<ExecutionTime>0</ExecutionTime>
</ApiResponse>
at Certify.Providers.DNS.NameCheap.DnsProviderNameCheap.<InvokeApiAsync>d__40.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Providers.DNS.NameCheap.DnsProviderNameCheap.<InvokeGetApiAsync>d__39.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Providers.DNS.NameCheap.DnsProviderNameCheap.<GetZonesBatchAsync>d__36.MoveNext()
2022-02-24 10:18:11.840 -05:00 [ERR] DNS update failed: NameCheap DNS API :: Failed to create DNS record _acme-challenge.ampexperts.com: Domain ampexperts.com is not managed by this account!
2022-02-24 10:18:11.840 -05:00 [INF] Requesting Validation: ampexperts.com
2022-02-24 10:18:11.840 -05:00 [INF] NameCheap DNS API :: Failed to create DNS record _acme-challenge.ampexperts.com: Domain ampexperts.com is not managed by this account!
2022-02-24 10:18:12.090 -05:00 [INF] NameCheap DNS API :: Failed to create DNS record _acme-challenge.ampexperts.com: Domain ampexperts.com is not managed by this account!
2022-02-24 10:18:12.090 -05:00 [INF] NameCheap DNS API :: Failed to create DNS record _acme-challenge.ampexperts.com: Domain ampexperts.com is not managed by this account!
2022-02-24 11:18:08.963 -05:00 [INF] Previous renewals failed: 12. Renewal will be attempted within 48hrs.
2022-02-24 12:18:08.962 -05:00 [INF] Previous renewals failed: 12. Renewal will be attempted within 48hrs.
2022-02-24 13:18:08.974 -05:00 [INF] Previous renewals failed: 12. Renewal will be attempted within 48hrs.
2022-02-24 13:54:30.617 -05:00 [INF] Previous renewals failed: 12. Renewal will be attempted within 48hrs.
2022-02-24 13:57:08.693 -05:00 [INF] One or more tests failed
2022-02-24 13:59:53.809 -05:00 [INF] One or more tests failed
2022-02-24 14:13:24.229 -05:00 [INF] One or more tests failed
2022-02-24 14:48:26.459 -05:00 [INF] Previous renewals failed: 12. Renewal will be attempted within 48hrs.
2022-02-24 14:52:20.169 -05:00 [INF] All Tests Completed OK
2022-02-24 14:52:28.626 -05:00 [INF] Previous renewals failed: 12. Renewal will be attempted within 48hrs.
Ok, I donât understand why youâre posting this problem here though? If youâve whitelisted your server IP at namecheap and itâs not working then you need to contact Namecheap no?
Because I donât know what Iâm doing. Apparently, the error was until Certify the Web re applied for the certs for those sites. I checked it today and all certs are green status. Apparently, when your IP address changes, it can take up to 48 hours for Certify to stop erroring out.
Cool, itâs NameCheap thatâs erroring, certify is just reporting the error to you.
Yeah, my ISPâs IP address changed after an internet outage last week. Thatâs what caused all of this, apparently. It takes hours or days to propagate the new IP. I didnât know that. At any rate, after updating the API at Namecheap, eventually, Certify The Web stopped producing errors. It was a delayed fix, which made me think there was a problem when there was not.