You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This may not be a good place to request assistance but I can't think where else to get help. I am installing Let's Encrypt for the first time, and it's on a company intranet. I have control over the subdomain which I want to install the cert, but not over the root domain. I have followed what I think is the correct process and even though my DNS TXT entry matches that requested by dehydrated, and dehydrated verifies the match, it still fails the challenge. I can't figure why or what I'm doing wrong.
Our DNS is on Windows Server 2008 R2 and I'm installing Let's Encrypt on an Xubuntu 16.04 VM. Below is the command I ran and the outcome. I have replace the true root domain with company.com, however the true root domain is valid and resolvable both inside and outside our network, only the subdomain is internal only.
I also changed the values in the /etc/dehydrated/domains.txt from the default entries to just containing a single entry of wiki.company.com
Any assistance at all would be great.
xwiki@xwiki:~$ sudo ./dehydrated/dehydrated -c -t dns-01 -d wiki.company.com -k ./dehydrated/hooks/manual/manual_hook.rb
[sudo] password for xwiki:
# INFO: Using main config file /etc/dehydrated/config
Processing wiki.company.com
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting authorization for wiki.company.com...
+ 1 pending challenge(s)
+ Deploying challenge tokens...
Checking for pre-existing TXT record for the domain: '_acme-challenge.wiki.company.com'.
Found IRuosj38RBgVpK_R_gpCSF6Tsg5bDlGYL9QQi1YBqA. no match.
Create TXT record for the domain: '_acme-challenge.wiki.company.com'. TXT record:
'-IRuosj38RBgVpK_R_gpCSF6Tsg5bDlGYL9QQi1YBqA'
Press enter when DNS has been updated...
Found -IRuosj38RBgVpK_R_gpCSF6Tsg5bDlGYL9QQi1YBqA. match.
+ Responding to challenge for wiki.company.com authorization...
Challenge complete. Leave TXT record in place to allow easier future refreshes.
ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:connection",
"detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.wiki.company.com",
"status": 400
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/NKQ9YHl0JyukZ4huvZ7uKmSoK2f9Gg7KptyYg1hYP_A/3308960735",
"token": "wQbrFK-uMHl-5d6_XcJK0MnwwitpTru2RIwnlAT1nDw",
"keyAuthorization": "wQbrFK-uMHl-5d6_XcJK0MnwwitpTru2RIwnlAT1nDw.bWinojXTWVUGHhO6wbWrkMvXZvir5DKWGBu7aX7dQ1c"
})
xwiki@xwiki:~$
The text was updated successfully, but these errors were encountered:
This may not be a good place to request assistance but I can't think where else to get help. I am installing Let's Encrypt for the first time, and it's on a company intranet. I have control over the subdomain which I want to install the cert, but not over the root domain. I have followed what I think is the correct process and even though my DNS TXT entry matches that requested by dehydrated, and dehydrated verifies the match, it still fails the challenge. I can't figure why or what I'm doing wrong.
Our DNS is on Windows Server 2008 R2 and I'm installing Let's Encrypt on an Xubuntu 16.04 VM. Below is the command I ran and the outcome. I have replace the true root domain with company.com, however the true root domain is valid and resolvable both inside and outside our network, only the subdomain is internal only.
I also changed the values in the /etc/dehydrated/domains.txt from the default entries to just containing a single entry of wiki.company.com
Any assistance at all would be great.
The text was updated successfully, but these errors were encountered: