[GH-ISSUE #166] Unable to query TXT records from _acme-challenge dns name #64

Closed
opened 2026-03-13 15:37:36 +03:00 by kerem · 2 comments
Owner

Originally created by @SuperlativeIT on GitHub (May 16, 2019).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/166

I am able to resolve for the A record that is acmedns1.dnsserver.com.

I can query the CNAME record _acme-challenge.domain.com from Google DNS and the CNAME record points to subdomain.acmedns1.dnsserver.com.

I can query the TXT record for subdomain.acmedns1.dnsserver.com when I point dig directly to the server and query it, and it returns the stored TXT value successfully.

However, if I try to do the same through any other DNS, it fails to resolve and gives me an invalid domain error.

At this point I'm spinning my wheels and getting nowhere. When I use auth.acme-dns.io everything validates successfully and I am issued a certificate. The only difference is my acme-dns vs yours. So I don't know what is making mine and yours act differently as I am using the supplied config.cfg with my domain values vs auth.example.org.

The root domain being used by acme-dns is registered with Google and hosted by Google DNS. The subdomain acmedns1.dnsserver.com is resolvable via dig and nslookup and points to the IP used by my acme-dns server.

At this point I can't seem to nail down the issue as everything appears to be correct.
So why am I not able to pull the TXT value when I query _acme-challenge.domain.com from my acme-dns server when I am able to do so when I use auth.acme-dns.io?

What would cause a 3rd party DNS server to not pick up the TXT record from acme-dns via port 53?

Thank you

Sincerely

kerem closed this issue 2026-03-13 15:37:42 +03:00
Author
Owner

@SuperlativeIT commented on GitHub (May 17, 2019):

Using a domain name I personally owned, I was able to get acme-dns up and running successfully on my home server, and I was able to validate and receive a test certificate from Let's Encrypt. So I believe I now see the part that I'm missing from my work's deployment, mainly due to their domain structuring, but I'll find a way around it.

Thank you for your help

Sincerely

Author
Owner

@butterl commented on GitHub (Feb 7, 2020):

@SuperlativeIT
I also met this after renewing the SSL cert by hand. Any solution to this issue?
I tried changing DNS to 8.8.8.8, but it still failed:
acme: Checking DNS record propagation using [8.8.8.8:53]
