Error add txt for domain:_acme-challenge
-
Hello all, I am having issues setting up ACME certificates for Cloudflare DNS. When I issue a production Lets Encrypt certificate I get :
Error add txt for domain:_acme-challenge.subdomain.domain.com
I am using HAProxy and Acme for certificates. I created an api key for this and it still gives me the error. Any advice on this?
Thank you.
-
This is the minimum amount of information needed for a Cloudflare-configured, single account, single zone ACME DNS challenge. If yours mostly matches, then the issue is on the Cloudflare account/API token side:
-
@tinfoilmatt my settings match yours and only in production it tells me that the domain is invalid. I have created the api key and it keeps giving me the same error over and over again.
[Mon Nov 25 20:59:42 EST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Nov 25 20:59:42 EST 2024] Using pre generated key: /tmp/acme/firewall-cert/subdomain.domain.com/subdomain.domain.com.key.next
[Mon Nov 25 20:59:42 EST 2024] Generate next pre-generate key.
[Mon Nov 25 20:59:42 EST 2024] Single domain='subdomain.domain.com'
[Mon Nov 25 20:59:44 EST 2024] Getting webroot for domain='subdomain.domain.com'
[Mon Nov 25 20:59:44 EST 2024] Adding txt value: KEY for domain: _acme-challenge.subdomain.domain.com
[Mon Nov 25 20:59:45 EST 2024] invalid domain
[Mon Nov 25 20:59:45 EST 2024] Error add txt for domain:_acme-challenge.subdomain.domain.com
[Mon Nov 25 20:59:45 EST 2024] Please check log file for more details: /tmp/acme/firewall-cert/acme_issuecert.log -
@killuhbyte Without reviewing
/tmp/acme/firewall-cert/acme_issuecert.log
to possibly discern more, the script appears to be failing at actually reading the zone file—or failing to match it to what you've entered under "Domainname".Relevant code:
_debug "First detect the root zone" if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi
Without seeing more of your configuration, there's something wrong with the "Domainname", the API Token, or the Zone ID.
How is the token configured on the Cloudflare side?
-
@tinfoilmatt it looks like I have finally gotten the certificate to pop up but now I am dealing with getting 503 Service Unavailable error. Do you know if this is an HAProxy issue or on the cloudflare side?