DNS verification is not being retried
Some odd issue when running “latest” version of robocert (3.8.3). Issue is - it doesn't seem like it keeps retrying up to max_checks count. Based on the logs I can only assume it’s erroring out on first try, removes dns records and not continuing attempts after that.
In my config (linked below) - I've configured max_checks = 14, however it only does one attempt it seems.
Dnsrobocert was previously working fine without issues for other domains, it was auto-updated via watchtower (not sure if this is related).
Edit: I've downgraded dnsrobocert to DNSroboCert/3.7.5 and cert with all the same settings got generated just fine.
Container is launched like this:
docker run -d \
  --name dnsrobocert \
  --restart=unless-stopped \
  --label=com.centurylinklabs.watchtower.enable=false \
  -v /dockervolumes/dnsrobocert/config:/etc/dnsrobocert \
  -v /dockervolumes/dnsrobocert/letsencrypt:/etc/letsencrypt \
  adferrand/dnsrobocert
Configuration file:
draft: false
acme:
  email_account: reeee@gmail.com
  api_version: 2
  staging: false
  certs_permissions:
    files_mode: "0664"
    dirs_mode: "0775"
    user: 1000
    group: 1000
profiles:
  - name: namesilo_profile
    provider: namesilo
    provider_options:
      auth_token: "TraTaTa555VeryReeeeAndFakeToken"
    max_checks: 14
    sleep_time: 200
    ttl: 7200
certificates:
  - domains:
      - "*.example.dev"
      - "example.dev"
    profile: namesilo_profile
    pfx:
      export: true
Log:
----------
2021-01-02 01:16:20 5b08b0fc4e43 dnsrobocert.core.main[1] INFO Handling the certificate for domain(s): *.example.dev, example.dev
2021-01-02 01:16:20 5b08b0fc4e43 dnsrobocert.core.utils[1] INFO Launching command: /usr/local/bin/python -m dnsrobocert.core.certbot certonly -n --user-agent-comment DNSroboCert/3.8.3 --config-dir /etc/letsencrypt --work-dir /etc/letsencrypt/workdir --logs-dir /etc/letsencrypt/logs --manual --preferred-challenges=dns --manual-auth-hook "/usr/local/bin/python -m dnsrobocert.core.hooks -t auth -c \"/tmp/tmp4pj7ph_k/dnsrobocert-runtime.yml\" -l \"example.dev\"" --manual-cleanup-hook "/usr/local/bin/python -m dnsrobocert.core.hooks -t cleanup -c \"/tmp/tmp4pj7ph_k/dnsrobocert-runtime.yml\" -l \"example.dev\"" --manual-public-ip-logging-ok --expand --deploy-hook "/usr/local/bin/python -m dnsrobocert.core.hooks -t deploy -c \"/tmp/tmp4pj7ph_k/dnsrobocert-runtime.yml\" -l \"example.dev\"" --server https://acme-v02.api.letsencrypt.org/directory --cert-name example.dev -d *.example.dev -d example.dev
----------
Use of --manual-public-ip-logging-ok is deprecated.
Saving debug log to /etc/letsencrypt/logs/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Requesting a certificate for *.example.dev and example.dev
Performing the following challenges:
dns-01 challenge for example.dev
dns-01 challenge for example.dev
Running manual-auth-hook command: /usr/local/bin/python -m dnsrobocert.core.hooks -t auth -c "/tmp/tmp4pj7ph_k/dnsrobocert-runtime.yml" -l "example.dev"
Output from manual-auth-hook command python:
Executing auth hook for domain example.dev, lineage example.dev.
Still 1 challenges to handle, skip checks until last challenge.
Running manual-auth-hook command: /usr/local/bin/python -m dnsrobocert.core.hooks -t auth -c "/tmp/tmp4pj7ph_k/dnsrobocert-runtime.yml" -l "example.dev"
Output from manual-auth-hook command python:
Executing auth hook for domain example.dev, lineage example.dev.
Challenges to check: ['_acme-challenge.example.dev', '_acme-challenge.example.dev']
Wait 200 seconds before checking that all challenges have the expected value (try 1/14)
manual-auth-hook command "/usr/local/bin/python -m dnsrobocert.core.hooks -t auth -c "/tmp/tmp4pj7ph_k/dnsrobocert-runtime.yml" -l "example.dev"" returned error code 1
Error output from manual-auth-hook command python:
Error while executing the `auth` hook:
'Resolver' object has no attribute 'NXDOMAIN'
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/dnsrobocert/core/challenge.py", line 64, in check_one_challenge
answers = resolver.query(challenge, "TXT")
File "/usr/local/lib/python3.8/site-packages/dns/resolver.py", line 1089, in query
return self.resolve(qname, rdtype, rdclass, tcp, source,
File "/usr/local/lib/python3.8/site-packages/dns/resolver.py", line 1030, in resolve
(request, answer) = resolution.next_request()
File "/usr/local/lib/python3.8/site-packages/dns/resolver.py", line 584, in next_request
raise NXDOMAIN(qnames=self.qnames_to_try,
dns.resolver.NXDOMAIN: None of DNS query names exist: _acme-challenge.example.dev., _acme-challenge.example.dev.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/dnsrobocert/core/hooks.py", line 40, in main
globals()[parsed_args.type](dnsrobocert_config, parsed_args.lineage)
File "/usr/local/lib/python3.8/site-packages/dnsrobocert/core/hooks.py", line 94, in auth
challenges_to_check = [
File "/usr/local/lib/python3.8/site-packages/dnsrobocert/core/hooks.py", line 97, in <listcomp>
if not check_one_challenge(
File "/usr/local/lib/python3.8/site-packages/dnsrobocert/core/challenge.py", line 65, in check_one_challenge
except (resolver.NXDOMAIN, resolver.NoAnswer):
AttributeError: 'Resolver' object has no attribute 'NXDOMAIN'
Waiting for verification...
Challenge failed for domain example.dev
Challenge failed for domain example.dev
dns-01 challenge for example.dev
dns-01 challenge for example.dev
Cleaning up challenges
Running manual-cleanup-hook command: /usr/local/bin/python -m dnsrobocert.core.hooks -t cleanup -c "/tmp/tmp4pj7ph_k/dnsrobocert-runtime.yml" -l "example.dev"
Output from manual-cleanup-hook command python:
Executing cleanup hook for domain example.dev, lineage example.dev.
Running manual-cleanup-hook command: /usr/local/bin/python -m dnsrobocert.core.hooks -t cleanup -c "/tmp/tmp4pj7ph_k/dnsrobocert-runtime.yml" -l "example.dev"
Output from manual-cleanup-hook command python:
Executing cleanup hook for domain example.dev, lineage example.dev.
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: example.dev
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.example.dev - check that a DNS record exists for
this domain
Domain: example.dev
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for
_acme-challenge.example.dev - check that a DNS record exists for
this domain
----------
2021-01-02 01:19:53 5b08b0fc4e43 dnsrobocert.core.main[1] ERROR An error occurred while processing certificate config `{'domains': ['*.example.dev', 'example.dev'], 'profile': 'namesilo_profile', 'pfx': {'export': True}}`:
Command '['/usr/local/bin/python', '-m', 'dnsrobocert.core.certbot', 'certonly', '-n', '--user-agent-comment', 'DNSroboCert/3.8.3', '--config-dir', '/etc/letsencrypt', '--work-dir', '/etc/letsencrypt/workdir', '--logs-dir', '/etc/letsencrypt/logs', '--manual', '--preferred-challenges=dns', '--manual-auth-hook', '/usr/local/bin/python -m dnsrobocert.core.hooks -t auth -c "/tmp/tmp4pj7ph_k/dnsrobocert-runtime.yml" -l "example.dev"', '--manual-cleanup-hook', '/usr/local/bin/python -m dnsrobocert.core.hooks -t cleanup -c "/tmp/tmp4pj7ph_k/dnsrobocert-runtime.yml" -l "example.dev"', '--manual-public-ip-logging-ok', '--expand', '--deploy-hook', '/usr/local/bin/python -m dnsrobocert.core.hooks -t deploy -c "/tmp/tmp4pj7ph_k/dnsrobocert-runtime.yml" -l "example.dev"', '--server', 'https://acme-v02.api.letsencrypt.org/directory', '--cert-name', 'example.dev', '-d', '*.example.dev', '-d', 'example.dev']' returned non-zero exit status 1.
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (2 by maintainers)
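The traceback in the report, reduced to a runnable sketch (an added example, not DNSroboCert or dnspython code; `FakeResolver`, the two exception classes, `wait_for_challenge` and `run` are constructed stand-ins). It shows why the log stops at try 1/14: the `except` clause looks the exception classes up on the resolver instance, so the first NXDOMAIN becomes an `AttributeError` that the retry loop never handles.

```python
class NXDOMAIN(Exception):
    """Constructed stand-in for dns.resolver.NXDOMAIN."""

class NoAnswer(Exception):
    """Constructed stand-in for dns.resolver.NoAnswer."""

class FakeResolver:
    """Answers NXDOMAIN for the first `visible_after` queries, then succeeds."""
    def __init__(self, visible_after):
        self.visible_after = visible_after
        self.queries = 0

    def query(self, name, rdtype):
        self.queries += 1
        if self.queries <= self.visible_after:
            raise NXDOMAIN(f"None of DNS query names exist: {name}.")
        return ["constructed-token"]

def check_buggy(resolver, challenge):
    # Same shape as the handler in the traceback: the classes are looked up
    # on the resolver *instance*. The lookup only runs once an exception
    # reaches the except clause, so the defect stays hidden until NXDOMAIN.
    try:
        return bool(resolver.query(challenge, "TXT"))
    except (resolver.NXDOMAIN, resolver.NoAnswer):
        return False

def check_fixed(resolver, challenge):
    # The classes are referenced from the scope that defines them.
    try:
        return bool(resolver.query(challenge, "TXT"))
    except (NXDOMAIN, NoAnswer):
        return False

def wait_for_challenge(check, resolver, challenge, max_checks):
    """Return the try number that succeeded, or None when tries run out."""
    for attempt in range(1, max_checks + 1):
        # A real hook would sleep here between tries (sleep_time).
        if check(resolver, challenge):
            return attempt
    return None

def run(check, visible_after, max_checks=14):
    """Return (outcome, number of DNS queries actually sent)."""
    resolver = FakeResolver(visible_after)
    try:
        outcome = wait_for_challenge(
            check, resolver, "_acme-challenge.example.dev", max_checks)
    except AttributeError:
        outcome = "AttributeError"
    return outcome, resolver.queries
```

With the record visible on the first query both checks behave the same, which is why a defect of this shape only surfaces when the TXT record has not propagated yet.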

OK thanks, I will look at it as soon as possible.
@adferrand Thanks - I’ve always ever only used a docker version, so not sure how I could have gotten something out of date.