mirror of
https://github.com/certimate-go/certimate.git
synced 2026-04-26 05:05:56 +03:00
[GH-ISSUE #1092] No TXT record found at _acme-challenge.y.***.*** #737
Labels
No labels
announcement
backlog
bug
declined
documentation
duplicate
enhancement
good first issue
good first issue
help wanted
invalid
pull-request
question
stale
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/certimate#737
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @StephenJose-Dai on GitHub (Dec 8, 2025).
Original GitHub issue: https://github.com/certimate-go/certimate/issues/1092
Release Version / 软件版本
v0.4.8
Description / 问题描述
cloudflare证书申请失败了,一个报错是找不到zone,一个报错是说找不到acme_challenge的记录,我手动curl可以获取到zone下的列表信息,说明是没问题的,acme_challenge这个记录不应该是申请的时候手动插入的吗?
Miscellaneous / 其他
No response
@fudiwei commented on GitHub (Dec 8, 2025):
通常来说
unexpected EOF会出现在 HTTP 连接被意外关闭。这种偶发性的网络问题基本无法排查,原因大概率也和应用层无关。使用 lego (这是 Let's Encrypt 官方所使用的 ACME 客户端,也是 Certimate 的底层依赖库)时你可以正常获取证书吗?如果不可以,那么问题不在 Certimate 这。可以尝试设置“DNS 传播等待时间”(30 秒或更大值)看看是否有所改善。
@StephenJose-Dai commented on GitHub (Dec 8, 2025):
我没有尝试使用lego试过,但是我手动用nslookup去查询记录的时候其实是有记录出来的
@StephenJose-Dai commented on GitHub (Dec 8, 2025):
/app # CLOUDFLARE_DNS_API_TOKEN="d4a5s67f8964w5a61f54sad8f798eawsf" CF_API_TOKEN="d4a5s67f8964w5a61f54sad8f798eawsf" ./lego --dns cloudflare --email "abc.com@gmail.com" --domains "y.dai
sh.eu.org" --path /app/crts/ run
2025/12/08 16:33:13 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf
Do you accept the TOS? Y/n
Y
2025/12/08 16:33:28 [INFO] acme: Registering account for abc.com@gmail.com
!!!! HEADS UP !!!!
Your account credentials have been saved in your
configuration directory at "/app/crts/accounts".
You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from the ACME server so making regular
backups of this folder is ideal.
2025/12/08 16:33:29 [INFO] [y.abc.com] acme: Obtaining bundled SAN certificate
2025/12/08 16:33:30 [INFO] [y.abc.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2860460196/624414857256
2025/12/08 16:33:30 [INFO] [y.abc.com] acme: Could not find solver for: tls-alpn-01
2025/12/08 16:33:30 [INFO] [y.abc.com] acme: Could not find solver for: http-01
2025/12/08 16:33:30 [INFO] [y.abc.com] acme: use dns-01 solver
2025/12/08 16:33:30 [INFO] [y.abc.com] acme: Preparing to solve DNS-01
2025/12/08 16:33:31 [INFO] cloudflare: new record for y.abc.com, ID 57226cbcce7aafd3e9058e8a2bb50d37
2025/12/08 16:33:31 [INFO] [y.abc.com] acme: Trying to solve DNS-01
2025/12/08 16:33:31 [INFO] [y.abc.com] acme: Checking DNS record propagation. [nameservers=172.16.227.254:53,223.5.5.5:53,223.6.6.6:53,218.85.152.99:53,218.85.157.99:53,218.104.128.106:53,211.138.151.161:53,211.138.156.66:53,218.207.217.241:53,218.207.217.242:53,211.143.181.178:53,211.143.181.179:53,218.207.128.4:53,218.207.130.118:53,211.138.145.194:53,[2400:3200::1]:53,[2400:3200:baba::1]:53,[2408:8899::8]:53,[2408:8888::8]:53,[240e:4c:4008::1]:53,[240e:4c:4808::1]:53,[2409:8088::a]:53,[2409:8088::b]:53]
2025/12/08 16:33:33 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2025/12/08 16:33:34 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:33:36 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:33:38 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:33:52 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:33:54 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:33:56 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:33:58 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:00 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:02 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:04 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:06 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:08 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:11 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:13 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:15 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:17 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:19 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:21 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:23 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:25 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:27 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:29 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:31 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:33 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:35 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:37 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:39 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:41 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:43 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:45 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:47 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:49 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:51 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:53 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:55 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:57 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:34:59 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:01 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:04 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:06 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:08 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:10 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:12 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:14 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:16 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:18 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:20 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:22 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:24 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:26 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:28 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:30 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:32 [INFO] [y.abc.com] acme: Waiting for DNS record propagation.
2025/12/08 16:35:34 [INFO] [y.abc.com] acme: Cleaning DNS-01 challenge
2025/12/08 16:35:35 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2860460196/624414857256
2025/12/08 16:35:36 Could not obtain certificates:
error: one or more domains had a problem:
[y.abc.com] propagation: time limit exceeded: last error: authoritative nameservers: NS aiden.ns.cloudflare.com.:53 returned NXDOMAIN for _acme-challenge.y.abc.com.
@StephenJose-Dai commented on GitHub (Dec 8, 2025):
使用lego依旧也是报错的,跟certimate的报错一模一样,都说没有找到_acme-challenge.y.abc.com.这个txt的记录,但是我在cloudflre的日志中有发现已经有create的记录
@StephenJose-Dai commented on GitHub (Dec 8, 2025):
@fudiwei commented on GitHub (Dec 8, 2025):
Let's Encrypt 会使用多个权威服务器来验证 TXT 解析。一条 DNS 解析记录在被 NS 创建后、到在全球范围内均可以解析生效的这个过程,被称之为“DNS 传播”(DNS Propagation),通常来说传播将在几秒内完成,但某些情况下传播可能会很慢。因此你手动 nslookup 仅能代表已经传播到你的本机上,但并不代表已经传播到 Let's Encrypt 所使用的权威服务器。这也是我为何在之前建议手动设置一个较大的“DNS 传播等待时间”来观察是否有所改善的原因。
@fudiwei commented on GitHub (Dec 8, 2025):
另外我注意到你的递归服务器包含 IPv6 的部分,但你的服务商是否支持 IPv6 呢?
@StephenJose-Dai commented on GitHub (Dec 8, 2025):
是的,是支援IPV6的,因为是我的本地服务器,我已经取得了IPV6地址,cloudflare也支援IPV6,我刚才尝试了一遍,似乎成功了,我的DNS查询时间和传播时间分别设置为120和60s,感谢您的回答!
@StephenJose-Dai commented on GitHub (Dec 8, 2025):
这个好像有点问题,没获取到