dns-01 validation not working #345

Open
pu-sh opened this issue Jun 13, 2018 · 2 comments

@pu-sh

pu-sh commented Jun 13, 2018

Hi,

I'm trying to validate www.yellowfield.in using the dns-01 challenge with a manual handler.

***********Background info:

  1. OS - Windows 10
  2. Domain registrar - Namecheap
  3. Site hosted on - Lunarpages.com

***********Commands I typed:

  1. New-ACMEIdentifier -Dns www.yellowfield.in -Alias yellowfield_14Jun18_06

  2. Complete-ACMEChallenge yellowfield_14Jun18_06 -ChallengeType dns-01 -Handler manual

  3. (Update-ACMEIdentifier yellowfield_14Jun18_06 -ChallengeType dns-01).Challenges | Where-Object {$_.Type -eq "dns-01"}
    ==== At this point of time, I went to the Namecheap website and edited my DNS records to create a TXT record with the information I got from the Update-ACME command and input name=_acme-challenge.www.yellowfield.in and value=rMDD-cinTJvCSqQkbX6qj3rm44VjmpfL_FgYIPPjFNs ==== I then waited for a minute ====

  4. Submit-ACMEChallenge yellowfield_14Jun18_06 -ChallengeType dns-01
    IdentifierPart : ACMESharp.Messages.IdentifierPart
    IdentifierType : dns
    Identifier : www.yellowfield.in
    Uri : https://acme-v01.api.letsencrypt.org/acme/authz/xUOJ9mL3dObpgwEGxztwQjv65MAcZALBBhczaRf_taA
    Status : pending
    Expires : 20-06-18 19:55:29
    Challenges : {, manual}
    Combinations : {1, 0}

  5. (Update-ACMEIdentifier yellowfield_14Jun18_06 -ChallengeType dns-01).Challenges | Where-Object {$_.Type -eq "dns-01"}
    ChallengePart : ACMESharp.Messages.ChallengePart
    Challenge : ACMESharp.ACME.DnsChallenge
    Type : dns-01
    Uri : https://acme-v01.api.letsencrypt.org/acme/challenge/xUOJ9mL3dObpgwEGxztwQjv65MAcZALBBhczaRf_taA/5096468866
    Token : MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE
    Status : invalid
    OldChallengeAnswer : [, ]
    ChallengeAnswerMessage :
    HandlerName : manual
    HandlerHandleDate : 14-06-18 01:22:40
    HandlerHandleMessage : == Manual Challenge Handler - DNS ==
    * Handle Time: [14-06-18 01:22:40]
    * Challenge Token: [MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE]

                      To complete this Challenge please create a new Resource
                      Record (RR) with the following characteristics:
                        * RR Type:  [TXT]
                        * RR Name:  [_acme-challenge.www.yellowfield.in]
                        * RR Value: [rMDD-cinTJvCSqQkbX6qj3rm44VjmpfL_FgYIPPjFNs]
                      ------------------------------------
    

***********Error message on this link: https://acme-v01.api.letsencrypt.org/acme/challenge/xUOJ9mL3dObpgwEGxztwQjv65MAcZALBBhczaRf_taA/5096468866
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.yellowfield.in",
        "status": 400
      },
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/xUOJ9mL3dObpgwEGxztwQjv65MAcZALBBhczaRf_taA/5096468866",
      "token": "MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE",
      "keyAuthorization": "MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE.x_Y2HCnlvbg-5_EwQztllwj57Zh_Evm_1AgbFTpNP5k"
    }

***********There is no DNSSec issue as my domain does not have DNSSec enabled

***********I've tried using unboundtest.com. Output of unboundtest.com given below:

Query results for TXT www.yellowfield.in

Response:
;; opcode: QUERY, status: NOERROR, id: 57025
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.yellowfield.in. IN TXT

;; ANSWER SECTION:
www.yellowfield.in. 1800 IN CNAME yellowfield.chandraworld.net.

;; AUTHORITY SECTION:
chandraworld.net. 0 IN SOA ns1.lunarpages.com. alerts.lunarpages.com. 2018060200 14400 7200 3600000 86400

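
A pre-submit check for the record described in this report, as an added example that is not part of the original issue or of ACMESharp: it recomputes the dns-01 TXT value from the keyAuthorization, then asks each authoritative name server of the zone whether `_acme-challenge.www.yellowfield.in` carries it. The zone name `yellowfield.in` and the helper function names are assumptions; the other values are the ones quoted in the report.

```powershell
# Added example: pre-submit check for a dns-01 TXT record (not ACMESharp code).
# Values are the ones quoted in the issue; $Zone and the function names are assumptions.
$Identifier   = 'www.yellowfield.in'
$Zone         = 'yellowfield.in'   # assumed zone that holds the identifier
$HandlerValue = 'rMDD-cinTJvCSqQkbX6qj3rm44VjmpfL_FgYIPPjFNs'
$KeyAuth      = 'MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE.x_Y2HCnlvbg-5_EwQztllwj57Zh_Evm_1AgbFTpNP5k'

function Get-Dns01TxtValue([string]$KeyAuthorization) {
    # dns-01: TXT value = base64url(SHA-256(keyAuthorization)), padding stripped
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha.ComputeHash([System.Text.Encoding]::ASCII.GetBytes($KeyAuthorization))
    } finally { $sha.Dispose() }
    [Convert]::ToBase64String($hash).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-TxtStrings([string]$Name, [string]$Server) {
    # TXT strings at $Name as seen by $Server; nothing on NXDOMAIN or an empty answer
    $r = Resolve-DnsName -Name $Name -Type TXT -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    @($r | Where-Object { $_.Strings } | ForEach-Object { $_.Strings -join '' })
}

$expected = Get-Dns01TxtValue $KeyAuth
if ($expected -cne $HandlerValue) { Write-Warning 'Handler value differs from the digest of keyAuthorization' }

$rrName = "_acme-challenge.$Identifier"
# Query the zone's authoritative servers directly so resolver caches do not hide the answer
$nameServers = Resolve-DnsName -Name $Zone -Type NS -DnsOnly |
    Where-Object { $_.NameHost } | Select-Object -ExpandProperty NameHost -Unique

foreach ($ns in $nameServers) {
    $found = Get-TxtStrings $rrName $ns
    if ($found -ccontains $HandlerValue) {
        '{0}: OK, TXT present at {1}' -f $ns, $rrName
    } else {
        '{0}: MISSING at {1} (found: {2})' -f $ns, $rrName, ($found -join ', ')
        # Diagnostic: some DNS control panels append the zone name to the host field as typed
        $doubled = "$rrName.$Zone"
        if ((Get-TxtStrings $doubled $ns) -ccontains $HandlerValue) {
            '{0}: value found at {1}; enter the host relative to the zone instead' -f $ns, $doubled
        }
    }
}
```

Run it after creating the record and before `Submit-ACMEChallenge`; a failed validation marks the challenge `invalid`, as in the output above, so submitting only once every name server reports OK avoids burning the authorization.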

@sikemullivan

sikemullivan commented Sep 20, 2018

Same thing for me. I'm using GoDaddy.

@shahasachin

I am also getting the same error...
