[certificates] ACME DNS challenge failed to place TXT record

Description

TrueNAS-SCALE-21.04-MASTER-20210409-132917

When attempting to create an ACME certificate using Cloudflare Authenticator, there is an error returned saying 'No TXT record found at _acme-challenge.zzzzzzz.com'

I've tried variations of the following:
- Cloudflare API token vs Global API key & email.
- Using wildcard domain vs no wildcard in the Common Name & SAN fields
- LE Staging vs Production

All of these attempts produced the same error.

Error: Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/middlewared/plugins/acme_protocol_/issue_cert.py", line 101, in issue_certificate
    return acme_client.poll_and_finalize(
  File "/usr/lib/python3/dist-packages/acme/client.py", line 710, in poll_and_finalize
    orderr = self.poll_authorizations(orderr, deadline)
  File "/usr/lib/python3/dist-packages/acme/client.py", line 734, in poll_authorizations
    raise errors.ValidationError(failed)
acme.errors.ValidationError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/middlewared/job.py", line 378, in run
    await self.future
  File "/usr/lib/python3/dist-packages/middlewared/job.py", line 414, in __run_body
    rv = await self.method(*([self] + args))
  File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1001, in nf
    return await f(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/crypto.py", line 1584, in do_create
    data = await self.middleware.run_in_thread(
  File "/usr/lib/python3/dist-packages/middlewared/utils/run_in_thread.py", line 10, in run_in_thread
    return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))
  File "/usr/lib/python3/dist-packages/middlewared/utils/io_thread_pool_executor.py", line 25, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1005, in nf
    return f(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/crypto.py", line 1639, in __create_acme_certificate
    final_order = self.middleware.call_sync('acme.issue_certificate', job, 25, data, csr_data)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1266, in call_sync
    return methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/acme_protocol_/issue_cert.py", line 117, in issue_certificate
    raise CallError(f'Certificate request for final order failed: {msg}')
middlewared.service_exception.CallError: [EFAULT] Certificate request for final order failed:
Authorization for identifier Identifier(typ=IdentifierType(dns), value='zzzzzzz.com') failed.
Here are the challenges that were not fulfilled:
Challenge Type: dns-01

Error information:

  • Type: urn:ietf:params:acme:error:unauthorized

  • Details: No TXT record found at _acme-challenge.zzzzzzz.com

Authorization for identifier Identifier(typ=IdentifierType(dns), value='zzzzzzz.com') failed.
Here are the challenges that were not fulfilled:
Challenge Type: dns-01

Error information:

  • Type: urn:ietf:params:acme:error:unauthorized

  • Details: No TXT record found at _acme-challenge.zzzzzzz.com

Problem/Justification

None

Impact

None

Activity

Bug Clerk April 23, 2021 at 3:14 AM

ksimm1 April 21, 2021 at 3:21 PM

Other detail posted to the comment thread of this duplicate ticket:

https://jira.ixsystems.com/browse/NAS-110142

ksimm1 April 15, 2021 at 11:33 PM

The original debug archive was broken when it hit the size limit; re-uploaded manually.

Complete

Created April 10, 2021 at 7:46 PM
Updated July 1, 2022 at 2:47 PM
Resolved April 23, 2021 at 10:03 PM