@HeMaN said in ACME v0.8 Let's Encrypt certificate renewal issue:
Anyone experiencing this as well, or maybe even have a solution?
No, and I probably have a solution.
Didn't know who or what dns_da (Direct Admin?) is, but I guess this is the one: https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_da.sh
That page shows, somewhat hidden, that it hasn't been updated since 2020...
Your logs show all the important steps, and they were all 'success', so from an acme.sh point of view.
One small issue, though: why are the last 4, 5 lines out of order? Look at the timestamps.
Did you follow the suggestion?
DNS problem: NXDOMAIN looking up TXT for _acme-challenge<dot>home<dot>mydomain<dot>nl - check that a DNS record exists for this domain
This says: check for yourself if a TXT record exists for
_acme-challenge<dot>home<dot>mydomain<dot>nl
This can be done with dig in the blink of an eye:
dig _acme-challenge<dot>home<dot>mydomain<dot>nl TXT
and it should exist, as Let's Encrypt is going to do exactly that same test (the dig) to check if you control the domain, because only you can place the TXT in the subdomain "_acme-challenge<dot>home" of your domain "mydomain<dot>nl".
You'll say: hey, I've only 60 seconds to do that, and that's probably the issue: that's way too optimistic - too short.
Keep in mind that the API script communicates with "somewhere". That backend will then contact the master DNS domain name server of your domain, and make the update.
The master will then signal the DNS domain name slave.
This slave, and here it comes, will contact the master back when it sees fit (whenever it wants), and ask for a domain resync. This could be more than 60 seconds!
Only when the slave has done this will the TXT field/info be present on all DNS domain name servers.
Only from then on should the Let's Encrypt test be executed.
I propose the somewhat silly:
[image: 6eae03ca-bc78-4996-a4c0-9e1073c9d3b9-image.png]
which also gives you the time to do the test for yourself with the dig command.
Remember that you 'dig' the (your!) domain name servers directly.
Example:
dig mydomain<dot>nl NS
and now you have the list of all your domain name servers - there are at least two of them.
From here:
dig @NS1.mydomain<dot>nl _acme-challenge<dot>home<dot>mydomain<dot>nl TXT
and
dig @NS2.mydomain<dot>nl _acme-challenge<dot>home<dot>mydomain<dot>nl TXT
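
The per-name-server check described in the post above, as an added example that is not part of the original post: it looks up the zone's NS records, asks each server directly for the challenge TXT record, and only reports success when every server (master and slaves) returns the expected token. The function names and the `DIG` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the post): confirm that every authoritative name
# server already serves the ACME challenge TXT record before validation runs.
# DIG is an assumed override hook so the lookups can be stubbed offline.
DIG=${DIG:-dig}

# Print the authoritative name servers of zone $1, one per line.
list_ns() {
    $DIG +short "$1" NS | sed 's/\.$//'
}

# Return 0 if name server $1 answers TXT for name $2 with exactly token $3.
ns_has_txt() {
    $DIG +short "@$1" "$2" TXT | tr -d '"' | grep -Fqx -- "$3"
}

# Return 0 only when ALL name servers of zone $1 serve token $3 at name $2.
# Prints one status line per server; returns 2 if no NS record is found.
all_ns_synced() {
    zone=$1 name=$2 token=$3 missing=0
    servers=$(list_ns "$zone")
    [ -n "$servers" ] || { echo "no NS records for $zone" >&2; return 2; }
    for ns in $servers; do
        if ns_has_txt "$ns" "$name" "$token"; then
            echo "ok      $ns"
        else
            echo "missing $ns"   # e.g. a slave that has not resynced yet
            missing=1
        fi
    done
    return "$missing"
}

# Poll until all servers agree: $4 attempts (default 20), $5 seconds apart
# (default 30). Returns 1 if the record never reached every server.
wait_for_txt() {
    tries=${4:-20} delay=${5:-30} i=0
    while [ "$i" -lt "$tries" ]; do
        all_ns_synced "$1" "$2" "$3" >/dev/null 2>&1 && return 0
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}
```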