ACME CloudFlare DNS query infinite status 3 loop
-
Hi,
Netgate pfSense Plus 21.02.2-RELEASE
Can't get ACMEv2 staging cert anymore. It was working fine two days ago (my last cert request was June 9).
I get the following "status 3" error at the cloudflare-dns dns-query stage:
[Fri Jun 11 11:28:04 CEST 2021] url='https://cloudflare-dns.com/dns-query?name=_acme-challenge.sub.domain.ext&type=TXT'
[Fri Jun 11 11:28:04 CEST 2021] timeout=
[Fri Jun 11 11:28:04 CEST 2021] Http already initialized.
[Fri Jun 11 11:28:04 CEST 2021] _CURL='curl -L --silent --dump-header /tmp/acme/MyDomain//http.header '
[Fri Jun 11 11:28:04 CEST 2021] ret='0'
[Fri Jun 11 11:28:04 CEST 2021] response='{"Status":3,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"_acme-challenge.sub.domain.ext","type":16}],"Authority":[{"name":"domain.ext","type":6,"TTL":300,"data":"dns200.anycast.me. tech.ovh.net. 2021061101 86400 3600 3600000 300"}]}'
[Fri Jun 11 11:28:04 CEST 2021] _answers
[Fri Jun 11 11:28:04 CEST 2021] Not valid yet, let's wait 10 seconds and check next one.
Exact same type of challenge was returning 0 two days ago:
[Wed Jun 9 11:46:15 CEST 2021] response='{"Status":0,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,"Question":[{"name":"_acme-challenge.sub.domain.ext","type":16}],"Answer":[{"name":"_acme-challenge.sub.domain.ext","type":16,"TTL":60,"data":""key""}]}'
Domain DNS is handled by OVH Europe.
I've checked my FQDN DNS worldwide propagation and it's all OK, so I don't understand why the cloudflare-dns step is failing.
-
[SOLVED]
Problem fixed.
It was due to an issue with DNS propagation on the domain name provider (OVH) side which also handles DNS service for the affected domain.
See: https://translate.google.com/translate?sl=auto&tl=en&u=http://travaux.ovh.net/?do%3Ddetails%26id%3D51225%26
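For readers debugging the same loop, here is an added example (not part of the original posts and not acme.sh code) that reads the DNS-over-HTTPS JSON replies shown in the log. The "Status" field is the DNS RCODE, so 3 is NXDOMAIN, and the SOA record in "Authority" shows which zone serial the resolver saw. The function name `diagnose` is hypothetical, and the TXT token in the second sample is constructed.

```python
import json

# DNS RCODEs as reported in the DoH JSON "Status" field
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TYPE_SOA, TYPE_TXT = 6, 16

def diagnose(response_text, expected_name):
    """Summarise a DoH JSON reply for an ACME dns-01 TXT lookup."""
    doc = json.loads(response_text)
    status = doc.get("Status")
    want = expected_name.rstrip(".").lower()
    # TXT data arrives wrapped in literal double quotes; strip them.
    txt = [a["data"].strip('"') for a in doc.get("Answer", [])
           if a.get("type") == TYPE_TXT
           and a.get("name", "").rstrip(".").lower() == want]
    # A negative reply carries the enclosing zone's SOA in "Authority";
    # the third field of its data is the zone serial the resolver saw.
    soa = next((a for a in doc.get("Authority", [])
                if a.get("type") == TYPE_SOA), None)
    if status == 0 and txt:
        verdict = "TXT record visible to the resolver"
    elif status == 0:
        verdict = "name exists but has no TXT record"
    elif status == 3:
        verdict = "resolver was told the name does not exist in the zone"
    else:
        verdict = "resolver-side error, retry or query another resolver"
    return {"rcode": RCODES.get(status, str(status)),
            "txt": txt,
            "zone": soa["name"] if soa else None,
            "soa_serial": int(soa["data"].split()[2]) if soa else None,
            "soa_ttl": soa["TTL"] if soa else None,
            "verdict": verdict}

NAME = "_acme-challenge.sub.domain.ext"
# Reply copied from the failing log line above.
FAILED = ('{"Status":3,"TC":false,"RD":true,"RA":true,"AD":true,"CD":false,'
          '"Question":[{"name":"_acme-challenge.sub.domain.ext","type":16}],'
          '"Authority":[{"name":"domain.ext","type":6,"TTL":300,"data":'
          '"dns200.anycast.me. tech.ovh.net. 2021061101 86400 3600 3600000 300"}]}')
# Constructed sample of a healthy reply (token value is made up).
WORKING = (r'{"Status":0,"Question":[{"name":"_acme-challenge.sub.domain.ext",'
           r'"type":16}],"Answer":[{"name":"_acme-challenge.sub.domain.ext",'
           r'"type":16,"TTL":60,"data":"\"constructed-token\""}]}')

if __name__ == "__main__":
    for label, reply in (("failing", FAILED), ("working", WORKING)):
        print(label, diagnose(reply, NAME))
```

Comparing the reported `soa_serial` with the serial shown in the DNS provider's control panel tells you whether the resolver is still seeing an older copy of the zone.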