    Error add txt for domain:_acme-challenge
    killuhbyte:

      Hello all, I am having issues setting up ACME certificates for Cloudflare DNS. When I issue a production Let's Encrypt certificate I get:

      Error add txt for domain:_acme-challenge.subdomain.domain.com

      I am using HAProxy and Acme for certificates. I created an api key for this and it still gives me the error. Any advice on this?

      Thank you.

      tinfoilmatt:

        This is the minimum amount of information needed for a Cloudflare-configured, single account, single zone ACME DNS challenge. If yours mostly matches, then the issue is on the Cloudflare account/API token side:

        [screenshot: acme.png]

        killuhbyte @tinfoilmatt:

          @tinfoilmatt my settings match yours and only in production it tells me that the domain is invalid. I have created the api key and it keeps giving me the same error over and over again.

          [Mon Nov 25 20:59:42 EST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
          [Mon Nov 25 20:59:42 EST 2024] Using pre generated key: /tmp/acme/firewall-cert/subdomain.domain.com/subdomain.domain.com.key.next
          [Mon Nov 25 20:59:42 EST 2024] Generate next pre-generate key.
          [Mon Nov 25 20:59:42 EST 2024] Single domain='subdomain.domain.com'
          [Mon Nov 25 20:59:44 EST 2024] Getting webroot for domain='subdomain.domain.com'
          [Mon Nov 25 20:59:44 EST 2024] Adding txt value: KEY for domain: _acme-challenge.subdomain.domain.com
          [Mon Nov 25 20:59:45 EST 2024] invalid domain
          [Mon Nov 25 20:59:45 EST 2024] Error add txt for domain:_acme-challenge.subdomain.domain.com
          [Mon Nov 25 20:59:45 EST 2024] Please check log file for more details: /tmp/acme/firewall-cert/acme_issuecert.log

          tinfoilmatt @killuhbyte:

            @killuhbyte Without reviewing /tmp/acme/firewall-cert/acme_issuecert.log to possibly discern more, the script appears to be failing at actually reading the zone file—or failing to match it to what you've entered under "Domainname".

            Relevant code:

              # dns_cf.sh: _get_root walks up the labels of $fulldomain, asking the
              # Cloudflare API for a zone named like each candidate; no match = "invalid domain"
              _debug "First detect the root zone"
              if ! _get_root "$fulldomain"; then
                _err "invalid domain"
                return 1
              fi

            Without seeing more of your configuration, there's something wrong with the "Domainname", the API Token, or the Zone ID.

            How is the token configured on the Cloudflare side?

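To see from the outside why the script reaches the "invalid domain" branch described above, here is an added example (not from this thread or from acme.sh) that reproduces the root-zone walk of acme.sh's _get_root against the Cloudflare zones endpoint, with an offline stand-in so the token-scope cases can be checked without network access; the function names and the sample zone ids are assumptions.

```python
import json
import urllib.parse
import urllib.request

CF_API = "https://api.cloudflare.com/client/v4"


def cloudflare_zone_lookup(api_token):
    """Return lookup(name) -> zone id or None, using a Cloudflare API token.
    Mirrors acme.sh's _cf_rest GET "zones?name=<name>" (function name is an assumption)."""
    def lookup(name):
        url = f"{CF_API}/zones?name={urllib.parse.quote(name)}"
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {api_token}"})
        with urllib.request.urlopen(req, timeout=15) as resp:
            body = json.load(resp)
        # A token lacking Zone:Read on this zone gets success=true with an empty result,
        # which is indistinguishable from "no such zone" as far as the script is concerned.
        for zone in body.get("result", []):
            if zone.get("name") == name:
                return zone["id"]
        return None
    return lookup


def find_root_zone(fulldomain, lookup):
    """Walk the labels like _get_root: try the full name, then each parent, until the
    API returns a zone with exactly that name. Returns (sub, zone, zone_id), or None,
    which is the path on which acme.sh prints "invalid domain"."""
    labels = fulldomain.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        zone_id = lookup(candidate)
        if zone_id:
            return ".".join(labels[:i]), candidate, zone_id
    return None


def make_fake_lookup(visible_zones):
    """Constructed offline stand-in for the API: the token can only see these zones."""
    return lambda name: visible_zones.get(name)


if __name__ == "__main__":
    name = "_acme-challenge.subdomain.domain.com"
    # Constructed: a token scoped to domain.com can place the TXT record.
    print(find_root_zone(name, make_fake_lookup({"domain.com": "zone-abc"})))
    # Constructed: a token scoped to some other zone -> None, i.e. "invalid domain".
    print(find_root_zone(name, make_fake_lookup({"other.net": "zone-xyz"})))
```

With a real token, `find_root_zone(name, cloudflare_zone_lookup(token))` returning None points at token scope or Zone ID, not at the "Domainname" field.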
            killuhbyte @tinfoilmatt:

              @tinfoilmatt it looks like I have finally gotten the certificate to pop up, but now I am dealing with getting a 503 Service Unavailable error. Do you know if this is an HAProxy issue or on the Cloudflare side?

              [screenshot: Screenshot 2024-12-05 at 12.51.02 PM.png]
