Skip to content

dns-01 validation not working #345

New issue
New issue
Open
Open
dns-01 validation not working#345
@pu-sh

Description

@pu-sh
pu-sh
opened on Jun 13, 2018

Hi,

I'm trying to validate www.yellowfield.in using the dns-01 challenge with a manual handler.

***********Background info:

  1. OS - Windows 10
  2. Domain registrar - Namecheap
  3. Site hosted on - Lunarpages.com

***********Commands I typed:

  1. New-ACMEIdentifier -Dns www.yellowfield.in -Alias yellowfield_14Jun18_06

  2. Complete-ACMEChallenge yellowfield_14Jun18_06 -ChallengeType dns-01 -Handler manual

  3. (Update-ACMEIdentifier yellowfield_14Jun18_06 -ChallengeType dns-01).Challenges | Where-Object {$_.Type -eq "dns-01"}
    ==== At this point of time, I went to the Namecheap website and edited my DNS records to create a TXT record with the information I got from the Update-ACME command and input name=_acme-challenge.www.yellowfield.in and value=rMDD-cinTJvCSqQkbX6qj3rm44VjmpfL_FgYIPPjFNs ==== I then waited for a minute ====

  4. Submit-ACMEChallenge yellowfield_14Jun18_06 -ChallengeType dns-01
    IdentifierPart : ACMESharp.Messages.IdentifierPart
    IdentifierType : dns
    Identifier : www.yellowfield.in
    Uri : https://acme-v01.api.letsencrypt.org/acme/authz/xUOJ9mL3dObpgwEGxztwQjv65MAcZALBBhczaRf_taA
    Status : pending
    Expires : 20-06-18 19:55:29
    Challenges : {, manual}
    Combinations : {1, 0}

  5. (Update-ACMEIdentifier yellowfield_14Jun18_06 -ChallengeType dns-01).Challenges | Where-Object {$_.Type -eq "dns-01"}
    ChallengePart : ACMESharp.Messages.ChallengePart
    Challenge : ACMESharp.ACME.DnsChallenge
    Type : dns-01
    Uri : https://acme-v01.api.letsencrypt.org/acme/challenge/xUOJ9mL3dObpgwEGxztwQjv65MAcZALBBhczaRf_taA/5096468866
    Token : MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE
    Status : invalid
    OldChallengeAnswer : [, ]
    ChallengeAnswerMessage :
    HandlerName : manual
    HandlerHandleDate : 14-06-18 01:22:40
    HandlerHandleMessage : == Manual Challenge Handler - DNS ==
    * Handle Time: [14-06-18 01:22:40]
    * Challenge Token: [MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE]

                      To complete this Challenge please create a new Resource
                  Record (RR) with the following characteristics:
                    * RR Type:  [TXT]
                    * RR Name:  [_acme-challenge.www.yellowfield.in]
                    * RR Value: [rMDD-cinTJvCSqQkbX6qj3rm44VjmpfL_FgYIPPjFNs]
                  ------------------------------------

***********Error message on this link: https://acme-v01.api.letsencrypt.org/acme/challenge/xUOJ9mL3dObpgwEGxztwQjv65MAcZALBBhczaRf_taA/5096468866
{
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:dns",
"detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.www.yellowfield.in",
"status": 400
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/xUOJ9mL3dObpgwEGxztwQjv65MAcZALBBhczaRf_taA/5096468866",
"token": "MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE",
"keyAuthorization": "MNsSiNILvAD0NItWtZFShqOOi1RNSO-6UTuLuB4TNBE.x_Y2HCnlvbg-5_EwQztllwj57Zh_Evm_1AgbFTpNP5k"
}

***********There is no DNSSec issue as my domain does not have DNSSec enabled

***********I've tried using unboundtest.com. Output of unboundtest.com given below:

Query results for TXT www.yellowfield.in

Response:
;; opcode: QUERY, status: NOERROR, id: 57025
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.yellowfield.in. IN TXT

;; ANSWER SECTION:
www.yellowfield.in. 1800 IN CNAME yellowfield.chandraworld.net.

;; AUTHORITY SECTION:
chandraworld.net. 0 IN SOA ns1.lunarpages.com. alerts.lunarpages.com. 2018060200 14400 7200 3600000 86400

----- Unbound logs -----
Jun 13 20:15:21 unbound[30688:0] notice: init module 0: validator
Jun 13 20:15:21 unbound[30688:0] notice: init module 1: iterator
Jun 13 20:15:21 unbound[30688:0] info: start of service (unbound 1.6.7).
Jun 13 20:15:22 unbound[30688:0] info: 127.0.0.1 www.yellowfield.in. TXT IN
Jun 13 20:15:22 unbound[30688:0] info: resolving www.yellowfield.in. TXT IN
Jun 13 20:15:22 unbound[30688:0] info: priming . IN NS
Jun 13 20:15:22 unbound[30688:0] info: response for . NS IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <.> 192.112.36.4#53
Jun 13 20:15:22 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:22 unbound[30688:0] info: priming successful for . NS IN
Jun 13 20:15:22 unbound[30688:0] info: response for www.yellowfield.in. TXT IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <.> 192.33.4.12#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for www.yellowfield.in. TXT IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <in.> 199.253.56.1#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: resolving dns1.registrar-servers.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: resolving dns2.registrar-servers.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: resolving dns2.registrar-servers.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: resolving dns1.registrar-servers.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: response for dns2.registrar-servers.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <.> 192.5.5.241#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for dns1.registrar-servers.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <.> 192.203.230.10#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for dns1.registrar-servers.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <.> 2001:503:c27::2:30#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for dns1.registrar-servers.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <com.> 2001:503:eea3::30#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for dns1.registrar-servers.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <registrar-servers.com.> 209.112.113.33#53
Jun 13 20:15:22 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:22 unbound[30688:0] info: response for dns2.registrar-servers.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <.> 199.7.83.42#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for www.yellowfield.in. TXT IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <yellowfield.in.> 2620:74:19::33#53
Jun 13 20:15:22 unbound[30688:0] info: query response was CNAME
Jun 13 20:15:22 unbound[30688:0] info: resolving www.yellowfield.in. TXT IN
Jun 13 20:15:22 unbound[30688:0] info: response for www.yellowfield.in. TXT IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <.> 2001:503:c27::2:30#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for dns2.registrar-servers.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <com.> 192.55.83.30#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for dns2.registrar-servers.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <registrar-servers.com.> 2001:500:7967::2:33#53
Jun 13 20:15:22 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:22 unbound[30688:0] info: response for dns2.registrar-servers.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <com.> 2001:501:b1f9::30#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for www.yellowfield.in. TXT IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <net.> 192.54.112.30#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: resolving ns1.lunarpages.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: resolving ns2.lunarpages.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: resolving ns2.lunarpages.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: resolving ns1.lunarpages.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: response for ns2.lunarpages.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <com.> 2001:502:1ca1::30#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: resolving ns2.lunarfo.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: resolving ns1.lunarfo.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: response for ns2.lunarpages.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <com.> 2001:503:d414::30#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for ns1.lunarfo.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <com.> 192.5.6.30#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for ns2.lunarpages.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <lunarpages.com.> 64.50.177.50#53
Jun 13 20:15:22 unbound[30688:0] info: query response was nodata ANSWER
Jun 13 20:15:22 unbound[30688:0] info: response for ns2.lunarpages.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <lunarpages.com.> 64.50.177.50#53
Jun 13 20:15:22 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:22 unbound[30688:0] info: response for ns1.lunarpages.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <com.> 2001:500:d937::30#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for ns1.lunarfo.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <lunarfo.com.> 67.210.96.101#53
Jun 13 20:15:22 unbound[30688:0] info: query response was nodata ANSWER
Jun 13 20:15:22 unbound[30688:0] info: response for ns1.lunarpages.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <com.> 192.43.172.30#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: resolving ns1.lunarfo.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: response for ns2.lunarfo.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <com.> 192.48.79.30#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for www.yellowfield.in. TXT IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <chandraworld.net.> 216.227.215.2#53
Jun 13 20:15:22 unbound[30688:0] info: query response was nodata ANSWER
Jun 13 20:15:22 unbound[30688:0] info: prime trust anchor
Jun 13 20:15:22 unbound[30688:0] info: resolving . DNSKEY IN
Jun 13 20:15:22 unbound[30688:0] info: resolving _ta-4a5c-4f66. NULL IN
Jun 13 20:15:22 unbound[30688:0] info: response for . DNSKEY IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <.> 192.5.5.241#53
Jun 13 20:15:22 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:22 unbound[30688:0] info: validate keys with anchor(DS): sec_status_secure
Jun 13 20:15:22 unbound[30688:0] info: Successfully primed trust anchor . DNSKEY IN
Jun 13 20:15:22 unbound[30688:0] info: validated DS in. DS IN
Jun 13 20:15:22 unbound[30688:0] info: resolving in. DNSKEY IN
Jun 13 20:15:22 unbound[30688:0] info: response for _ta-4a5c-4f66. NULL IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <.> 2001:500:a8::e#53
Jun 13 20:15:22 unbound[30688:0] info: query response was NXDOMAIN ANSWER
Jun 13 20:15:22 unbound[30688:0] info: response for ns1.lunarpages.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <lunarpages.com.> 67.210.96.101#53
Jun 13 20:15:22 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:22 unbound[30688:0] info: response for ns1.lunarpages.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <lunarpages.com.> 67.210.96.101#53
Jun 13 20:15:22 unbound[30688:0] info: query response was nodata ANSWER
Jun 13 20:15:22 unbound[30688:0] info: response for ns1.lunarfo.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <lunarfo.com.> 67.210.96.101#53
Jun 13 20:15:22 unbound[30688:0] info: query response was nodata ANSWER
Jun 13 20:15:22 unbound[30688:0] info: response for ns2.lunarfo.com. AAAA IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <lunarfo.com.> 64.50.177.50#53
Jun 13 20:15:22 unbound[30688:0] info: query response was nodata ANSWER
Jun 13 20:15:22 unbound[30688:0] info: response for dns1.registrar-servers.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <com.> 2001:502:7094::30#53
Jun 13 20:15:22 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:22 unbound[30688:0] info: response for dns1.registrar-servers.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <registrar-servers.com.> 209.112.113.33#53
Jun 13 20:15:22 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:22 unbound[30688:0] info: response for dns2.registrar-servers.com. A IN
Jun 13 20:15:22 unbound[30688:0] info: reply from <registrar-servers.com.> 2001:502:cbe4::33#53
Jun 13 20:15:22 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:23 unbound[30688:0] info: response for in. DNSKEY IN
Jun 13 20:15:23 unbound[30688:0] info: reply from <in.> 2001:4528:fff:13::142#53
Jun 13 20:15:23 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:23 unbound[30688:0] info: validated DNSKEY in. DNSKEY IN
Jun 13 20:15:23 unbound[30688:0] info: resolving yellowfield.in. DS IN
Jun 13 20:15:23 unbound[30688:0] info: priming . IN NS
Jun 13 20:15:23 unbound[30688:0] info: response for . NS IN
Jun 13 20:15:23 unbound[30688:0] info: reply from <.> 2001:500:12::d0d#53
Jun 13 20:15:23 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:23 unbound[30688:0] info: priming successful for . NS IN
Jun 13 20:15:23 unbound[30688:0] info: response for yellowfield.in. DS IN
Jun 13 20:15:23 unbound[30688:0] info: reply from <.> 2001:500:2::c#53
Jun 13 20:15:23 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:23 unbound[30688:0] info: response for yellowfield.in. DS IN
Jun 13 20:15:23 unbound[30688:0] info: reply from <in.> 199.253.56.1#53
Jun 13 20:15:23 unbound[30688:0] info: query response was nodata ANSWER
Jun 13 20:15:23 unbound[30688:0] info: NSEC3s for the referral proved no DS.
Jun 13 20:15:23 unbound[30688:0] info: Verified that unsigned response is INSECURE
Jun 13 20:15:23 unbound[30688:0] info: prime trust anchor
Jun 13 20:15:23 unbound[30688:0] info: resolving . DNSKEY IN
Jun 13 20:15:23 unbound[30688:0] info: resolving _ta-4a5c-4f66. NULL IN
Jun 13 20:15:23 unbound[30688:0] info: response for _ta-4a5c-4f66. NULL IN
Jun 13 20:15:23 unbound[30688:0] info: reply from <.> 2001:503:c27::2:30#53
Jun 13 20:15:23 unbound[30688:0] info: query response was NXDOMAIN ANSWER
Jun 13 20:15:23 unbound[30688:0] info: response for . DNSKEY IN
Jun 13 20:15:23 unbound[30688:0] info: reply from <.> 192.36.148.17#53
Jun 13 20:15:23 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:23 unbound[30688:0] info: validate keys with anchor(DS): sec_status_secure
Jun 13 20:15:23 unbound[30688:0] info: Successfully primed trust anchor . DNSKEY IN
Jun 13 20:15:23 unbound[30688:0] info: resolving net. DS IN
Jun 13 20:15:24 unbound[30688:0] info: response for net. DS IN
Jun 13 20:15:24 unbound[30688:0] info: reply from <.> 199.7.83.42#53
Jun 13 20:15:24 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:24 unbound[30688:0] info: validated DS net. DS IN
Jun 13 20:15:24 unbound[30688:0] info: resolving net. DNSKEY IN
Jun 13 20:15:24 unbound[30688:0] info: priming . IN NS
Jun 13 20:15:24 unbound[30688:0] info: response for . NS IN
Jun 13 20:15:24 unbound[30688:0] info: reply from <.> 193.0.14.129#53
Jun 13 20:15:24 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:24 unbound[30688:0] info: priming successful for . NS IN
Jun 13 20:15:24 unbound[30688:0] info: response for net. DNSKEY IN
Jun 13 20:15:24 unbound[30688:0] info: reply from <.> 192.33.4.12#53
Jun 13 20:15:24 unbound[30688:0] info: query response was REFERRAL
Jun 13 20:15:24 unbound[30688:0] info: response for net. DNSKEY IN
Jun 13 20:15:24 unbound[30688:0] info: reply from <net.> 2001:503:231d::2:30#53
Jun 13 20:15:24 unbound[30688:0] info: query response was ANSWER
Jun 13 20:15:24 unbound[30688:0] info: validated DNSKEY net. DNSKEY IN
Jun 13 20:15:24 unbound[30688:0] info: resolving chandraworld.net. DS IN
Jun 13 20:15:24 unbound[30688:0] info: response for chandraworld.net. DS IN
Jun 13 20:15:24 unbound[30688:0] info: reply from <net.> 192.26.92.30#53
Jun 13 20:15:24 unbound[30688:0] info: query response was nodata ANSWER
Jun 13 20:15:24 unbound[30688:0] info: NSEC3s for the referral proved no DS.
Jun 13 20:15:24 unbound[30688:0] info: Verified that unsigned response is INSECURE

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions