[GH-ISSUE #347] Not able to generate cert for itself, no TXT record created #191

Open
opened 2026-03-13 16:05:48 +03:00 by kerem · 0 comments
Owner

Originally created by @bjornfro on GitHub (Dec 7, 2023).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/347

Hi,

After running fine for years I suddenly noticed the certificate for the acme dns server itself was not renewed. The Let's Encrypt renewal did not work. I was expecting acme-dns to generate the DNS-01 TXT record for itself, but it seems it no longer happens and therefore cert renewal or creation fails.

Any clue how to troubleshoot? Any changes on Let's Encrypt side?

Regards, Bjorn

Dec 6 17:48:06 hostname acme-dns: 1.7018848867280297e+09#011error#011acme_client#011challenge failed#011{"identifier": "a.acme-dns.mgmt.foo.com", "challenge_type": "dns-01", "problem": {"type": "urn:ietf:params:acme:error:dns", "title": "", "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.a.acme-dns.mgmt.foo.com - check that a DNS record exists for this domain", "instance": "", "subproblems": []}}
Dec 6 17:48:06 hostname acme-dns: 1.701884886728101e+09#011error#011acme_client#011validating authorization#011{"identifier": "a.acme-dns.mgmt.foo.com", "problem": {"type": "urn:ietf:params:acme:error:dns", "title": "", "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.a.acme-dns.mgmt.foo.com - check that a DNS record exists for this domain", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/1451566716/227324075166", "attempt": 1, "max_attempts": 3}
Dec 6 17:48:06 hostname acme-dns: 1.7018848867281468e+09#011error#011obtain#011could not get certificate from issuer#011{"identifier": "a.acme-dns.mgmt.foo.com", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up TXT for _acme-challenge.a.acme-dns.mgmt.foo.com - check that a DNS record exists for this domain"}
Dec 6 17:48:06 hostname acme-dns: 1.701884886728193e+09#011error#011obtain#011will retry#011{"error": "[a.acme-dns.mgmt.foo.com] Obtain: [a.acme-dns.mgmt.foo.com] solving challenge: a.acme-dns.mgmt.foo.com: [a.acme-dns.mgmt.foo.com] authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up TXT for _acme-challenge.a.acme-dns.mgmt.foo.com - check that a DNS record exists for this domain (ca=https://acme-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 1.527354888, "max_duration": 2592000}
