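Error message: Verify error:DNS problem: NXDOMAIN looking up TXT
I installed LNMP 1.5, but configuring SSL (following: "Let's Encrypt free wildcard SSL certificate setup tutorial") fails. I had already done all of the Linode export steps beforehand. While the script is running, refreshing DNS Manager clearly shows two newly created "TXT Record" entries. But for some reason the verification still fails after the 120 seconds. The TXT records have clearly been created, so why does it say they cannot be found?
How should a problem like this be solved? Thanks~
The process output is below (in the detailed log the only error is the one marked in red below; everything else is normal):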
Starting create SSL Certificate use Let's Encrypt...
Multi domain='DNS:yaobin.com,DNS:*.yaobin.com'
Getting domain auth token for each domain
Getting webroot for domain='yaobin.com'
Getting webroot for domain='*.yaobin.com'
Found domain api file: /usr/local/acme.sh/dnsapi/dns_linode.sh
Using Linode
Domain resource successfully added.
Found domain api file: /usr/local/acme.sh/dnsapi/dns_linode.sh
Using Linode
Domain resource successfully added.
Sleep 120 seconds for the txt records to take effect
Verifying:yaobin.com
yaobin.com:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.yaobin.com
Removing DNS records.
Using Linode
Domain resource successfully deleted.
Using Linode
Domain resource successfully deleted.
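Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Let's Encrypt SSL Certificate create failed!

Records added manually may be wrong or may not meet the requirements; I suggest using the API.

Originally posted by licess on 2018-8-1 08:47:
Records added manually may be wrong or may not meet the requirements; I suggest using the API.

They were entered automatically by LNMP through the API.
All I did was refresh the DNS control panel after it entered them, to confirm that they really had been entered.
Judging from the log in post #1, the whole API process went smoothly. The problem is that after the two TXT records were added through the API, the verification step could not pass.
I don't know whether this verification is done by the VPS host or by some official website.
If it is done by the VPS host, would it help if I refreshed the DNS?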
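
An added example, not part of the original thread: the dns-01 lookup is made by the Let's Encrypt servers against the domain's authoritative nameservers, not by the VPS, so the check that matters is whether every authoritative server already returns the challenge value before validation is triggered. The function name `txt_visible_everywhere` and the `DIG` override are assumptions of this sketch; it needs `dig` installed.

```shell
#!/bin/sh
# Added example (not from the thread): check that a dns-01 TXT value is
# served by EVERY authoritative nameserver of a zone, bypassing local and
# public resolver caches by querying each server directly.
# DIG can be overridden (for instance with a stub) to run offline.
DIG=${DIG:-dig}

# txt_visible_everywhere ZONE NAME EXPECTED
#   ZONE      zone apex, e.g. example.test (placeholder)
#   NAME      record name, e.g. _acme-challenge.example.test
#   EXPECTED  TXT value the ACME client published
# Returns 0 if all servers serve EXPECTED, 1 if any does not,
# 2 if the NS set could not be obtained.
txt_visible_everywhere() {
  zone=$1; name=$2; expected=$3
  servers=$($DIG +short NS "$zone") || return 2
  [ -n "$servers" ] || return 2
  missing=0
  for ns in $servers; do
    # +short prints one quoted string per TXT record; an NXDOMAIN or
    # empty answer prints nothing. A wildcard plus base-domain order
    # publishes two values on the same name, so match line by line.
    answers=$($DIG +short TXT "$name" "@$ns" | tr -d '"')
    if printf '%s\n' "$answers" | grep -qxF -- "$expected"; then
      echo "ok      $ns"
    else
      echo "MISSING $ns"
      missing=1
    fi
  done
  return $missing
}

# Stand-alone use: script ZONE NAME EXPECTED
if [ "$#" -eq 3 ]; then
  txt_visible_everywhere "$@"
fi
```

A `MISSING` line for any server means the provider has not yet published the record there, and a longer wait before validation is needed than the one that was used.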
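Reply to post #3

Post the acme.sh.log log for the error above so I can take a look.
Check whether the Linode control panel already has an _acme-challenge. record; if it does, delete it first.

I ran into a similar problem: every other domain is fine, but one domain just will not configure no matter what, and it reports that the TXT record is missing. Yet dig shows the TXT record is correct, generating the SSL certificate manually gives the same result, and third-party websites can all look up the TXT record.
It feels like there is a DNS cache here; I don't know how to force it to refresh.

Originally posted by licess on 2018-8-1 16:59:
Post the acme.sh.log log for the error above so I can take a look.
Check whether the Linode control panel already has an _acme-challenge. record; if it does, delete it first.

There is no _acme-challenge record in the control panel. After a failed verification, acme automatically deletes the TXT records it created through the API, and nothing is left behind.
The log is below. (Note: I have obfuscated the key-related data.)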
_main_domain='yaobin.com'
_alt_domains='*.yaobin.com'
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
DOMAIN_PATH='/usr/local/nginx/conf/ssl/yaobin.com'
Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
_init api for server: https://acme-v02.api.letsencrypt.org/directory
GET
url='https://acme-v02.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ
ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
ACME_VERSION='2'
Le_NextRenewTime
_on_before_issue
_chk_main_domain='yaobin.com'
_chk_alt_domains='*.yaobin.com'
Le_LocalAddress
d='yaobin.com'
Check for domain='yaobin.com'
_currentRoot='dns_linode'
d='*.yaobin.com'
Check for domain='*.yaobin.com'
_currentRoot='dns_linode'
d
_saved_account_key_hash is not changed, skip register account.
Read key length:
_createcsr
Multi domain='DNS:yaobin.com,DNS:*.yaobin.com'
Getting domain auth token for each domain
d='*.yaobin.com'
d
url='https://acme-v02.api.letsencrypt.org/acme/new-order'
payload='{"identifiers": [{"type":"dns","value":"yaobin.com"},{"type":"dns","value":"*.yaobin.com"}]}'
RSA key
HEAD
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='201'
Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/39358317/26253967'
GET
url='https://acme-v02.api.letsencrypt.org/acme/authz/-ZDOGxosgC2EHH9RVcn4Xbk3PEMW9LYwTtJc80aM1GM'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
GET
url='https://acme-v02.api.letsencrypt.org/acme/authz/9TIdf2dyY0CPOSrh1cneXusBJPuDmVKIXGKmf7hdt7k'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
d='yaobin.com'
Getting webroot for domain='yaobin.com'
_w='dns_linode'
_currentRoot='dns_linode'
entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/9TIdf2dyY0CPOSrh1cneXusBJPuDmVKIXGKmf7hdt7k/6078679443","token":"Yu_-wnOTpalrwxxx_QaU5mlADxTN2FSdohmJEn3Tvkk"'
token='Yu_-wnOTpalrwxxx_QaU5mlADxTN2FSdohmJEn3Tvkk'
uri='https://acme-v02.api.letsencrypt.org/acme/challenge/9TIdf2dyY0CPOSrh1cneXusBJPuDmVKIXGKmf7hdt7k/6078679443'
keyauthorization='Yu_-wnOTpalrwxxx_QaU5mlADxTN2FSdohmJEn3Tvkk.YqW3S_O-0qqNnc8DOoudRWA1iWt8j7hdfhqGyuwgH0c'
dvlist='yaobin.com#Yu_-wnOTpalrwxxx_QaU5mlADxTN2FSdohmJEn3Tvkk.YqW3S_O-0qqNnc8DOoudRWA1iWt8j7hdfhqGyuwgH0c#https://acme-v02.api.letsencrypt.org/acme/challenge/9TIdf2dyY0CPOSrh1cneXusBJPuDmVKIXGKmf7hdt7k/6078679443#dns-01#dns_linode'
d='*.yaobin.com'
Getting webroot for domain='*.yaobin.com'
_w='dns_linode'
_currentRoot='dns_linode'
entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/-ZDOGxosgC2EHH9RVcn4Xbk3PEMW9LYwTtJc80aM1GM/6078679440","token":"CUWr6AQSMJb6dIR4C_aFVnBUDqc3iYmTPq5xQTT_4SU"'
token='CUWr6AQSMJb6dIR4C_aFVnBUDqc3iYmTPq5xQTT_4SU'
uri='https://acme-v02.api.letsencrypt.org/acme/challenge/-ZDOGxosgC2EHH9RVcn4Xbk3PEMW9LYwTtJc80aM1GM/6078679440'
keyauthorization='CUWr6AQSMJb6dIR4C_aFVnBUDqc3iYmTPq5xQTT_4SU.YqW3S_O-0qqNnc8DOoudRWA1iWt8j7hdfhqGyuwgH0c'
dvlist='*.yaobin.com#CUWr6AQSMJb6dIR4C_aFVnBUDqc3iYmTPq5xQTT_4SU.YqW3S_O-0qqNnc8DOoudRWA1iWt8j7hdfhqGyuwgH0c#https://acme-v02.api.letsencrypt.org/acme/challenge/-ZDOGxosgC2EHH9RVcn4Xbk3PEMW9LYwTtJc80aM1GM/6078679440#dns-01#dns_linode'
d
vlist='yaobin.com#Yu_-wnOTpalrwxxx_QaU5mlADxTN2FSdohmJEn3Tvkk.YqW3S_O-0qqNnc8DOoudRWA1iWt8j7hdfhqGyuwgH0c#https://acme-v02.api.letsencrypt.org/acme/challenge/9TIdf2dyY0CPOSrh1cneXusBJPuDmVKIXGKmf7hdt7k/6078679443#dns-01#dns_linode,*.yaobin.com#CUWr6AQSMJb6dIR4C_aFVnBUDqc3iYmTPq5xQTT_4SU.YqW3S_O-0qqNnc8DOoudRWA1iWt8j7hdfhqGyuwgH0c#https://acme-v02.api.letsencrypt.org/acme/challenge/-ZDOGxosgC2EHH9RVcn4Xbk3PEMW9LYwTtJc80aM1GM/6078679440#dns-01#dns_linode,'
d='yaobin.com'
_d_alias
txtdomain='_acme-challenge.yaobin.com'
txt='TRFMXFVTyXtoux3Yww8YjHBYyN5421xg48etqIb971A'
d_api='/usr/local/acme.sh/dnsapi/dns_linode.sh'
Found domain api file: /usr/local/acme.sh/dnsapi/dns_linode.sh
Using Linode
Calling: dns_linode_add() '_acme-challenge.yaobin.com' 'TRFMXFVTyXtoux3Yww8YjHBYyN5421xg48etqIb971A'
First detect the root zone
mtd='GET'
ep='domain.list'
GET
url='https://api.linode.com/?api_key=Pqd2wdqWHOZJLi3EgVs12rGnBjYP7o9ndZXsVtCDazMLR1adlecL1aMMpNPA1qSG&api_action=domain.list'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
h='yaobin.com'
_domain_id='1099632'
_sub_domain='_acme-challenge'
_domain='yaobin.com'
mtd='GET'
ep='domain.resource.create'
GET
url='https://api.linode.com/?api_key=Pqd2wdqWHOZJLi3EgVs12rGnBjYP7o9ndZXsVtCDazMLR1adlecL1aMMpNPA1qSG&api_action=domain.resource.create&DomainID=1099632&Type=TXT&Name=_acme-challenge&Target=TRFMXFVTyXtoux3Yww8YjHBYyN5421xg48etqIb971A'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
_resource_id='10493470'
Domain resource successfully added.
d='*.yaobin.com'
_d_alias
txtdomain='_acme-challenge.yaobin.com'
txt='PMiGVTS8qKN_2NvGic1077mALxXTMhPKszos7HJEZrI'
d_api='/usr/local/acme.sh/dnsapi/dns_linode.sh'
Found domain api file: /usr/local/acme.sh/dnsapi/dns_linode.sh
Using Linode
Calling: dns_linode_add() '_acme-challenge.yaobin.com' 'PMiGVTS8qKN_2NvGic1077mALxXTMhPKszos7HJEZrI'
First detect the root zone
mtd='GET'
ep='domain.list'
GET
url='https://api.linode.com/?api_key=Pqd2wdqWHOZJLi3EgVs12rGnBjYP7o9ndZXsVtCDazMLR1adlecL1aMMpNPA1qSG&api_action=domain.list'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
h='yaobin.com'
_domain_id='1099632'
_sub_domain='_acme-challenge'
_domain='yaobin.com'
mtd='GET'
ep='domain.resource.create'
GET
url='https://api.linode.com/?api_key=Pqd2wdqWHOZJLi3EgVs12rGnBjYP7o9ndZXsVtCDazMLR1adlecL1aMMpNPA1qSG&api_action=domain.resource.create&DomainID=1099632&Type=TXT&Name=_acme-challenge&Target=PMiGVTS8qKN_2NvGic1077mALxXTMhPKszos7HJEZrI'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
_resource_id='10481480'
Domain resource successfully added.
Sleep 120 seconds for the txt records to take effect
ok, let's start to verify
Verifying:yaobin.com
d='yaobin.com'
keyauthorization='Yu_-wnOTpalrwxxx_QaU5mlADxTN2FSdohmJEn3Tvkk.YqW3S_O-0qqNnc8DOoudRWA1iWt8j7hdfhqGyuwgH0c'
uri='https://acme-v02.api.letsencrypt.org/acme/challenge/9TIdf2dyY0CPOSrh1cneXusBJPuDmVKIXGKmf7hdt7k/6078679443'
_currentRoot='dns_linode'
url='https://acme-v02.api.letsencrypt.org/acme/challenge/9TIdf2dyY0CPOSrh1cneXusBJPuDmVKIXGKmf7hdt7k/6078679443'
payload='{"keyAuthorization": "Yu_-wnOTpalrwxxx_QaU5mlADxTN2FSdohmJEn3Tvkk.YqW3S_O-0qqNnc8DOoudRWA1iWt8j7hdfhqGyuwgH0c"}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/challenge/9TIdf2dyY0CPOSrh1cneXusBJPuDmVKIXGKmf7hdt7k/6078679443'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
trigger validation code: 200
sleep 2 secs to verify
checking
GET
url='https://acme-v02.api.letsencrypt.org/acme/challenge/9TIdf2dyY0CPOSrh1cneXusBJPuDmVKIXGKmf7hdt7k/6078679443'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
yaobin.com:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.yaobin.com
Skip for removelevel:
pid
No need to restore nginx, skip.
_clearupdns
Removing DNS records.
txt='TRFMXFVTyXtoux3Yww8YjHBYyN5421xg48etqIb971A'
d_api='/usr/local/acme.sh/dnsapi/dns_linode.sh'
_d_alias
Using Linode
Calling: dns_linode_rm() '_acme-challenge.yaobin.com'
First detect the root zone
mtd='GET'
ep='domain.list'
GET
url='https://api.linode.com/?api_key=Pqd2wdqWHOZJLi3EgVs12rGnBjYP7o9ndZXsVtCDazMLR1adlecL1aMMpNPA1qSG&api_action=domain.list'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
h='yaobin.com'
_domain_id='1099632'
_sub_domain='_acme-challenge'
_domain='yaobin.com'
mtd='GET'
ep='domain.resource.list'
GET
url='https://api.linode.com/?api_key=Pqd2wdqWHOZJLi3EgVs12rGnBjYP7o9ndZXsVtCDazMLR1adlecL1aMMpNPA1qSG&api_action=domain.resource.list&DomainID=1099632'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
_resource_id='10493470'
mtd='GET'
ep='domain.resource.delete'
GET
url='https://api.linode.com/?api_key=Pqd2wdqWHOZJLi3EgVs12rGnBjYP7o9ndZXsVtCDazMLR1adlecL1aMMpNPA1qSG&api_action=domain.resource.delete&DomainID=1099632&ResourceID=10493470'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
_resource_id='10493470'
Domain resource successfully deleted.
txt='PMiGVTS8qKN_2NvGic1077mALxXTMhPKszos7HJEZrI'
d_api='/usr/local/acme.sh/dnsapi/dns_linode.sh'
_d_alias
Using Linode
Calling: dns_linode_rm() '_acme-challenge.yaobin.com'
First detect the root zone
mtd='GET'
ep='domain.list'
GET
url='https://api.linode.com/?api_key=Pqd2wdqWHOZJLi3EgVs12rGnBjYP7o9ndZXsVtCDazMLR1adlecL1aMMpNPA1qSG&api_action=domain.list'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
h='yaobin.com'
_domain_id='1099632'
_sub_domain='_acme-challenge'
_domain='yaobin.com'
mtd='GET'
ep='domain.resource.list'
GET
url='https://api.linode.com/?api_key=Pqd2wdqWHOZJLi3EgVs12rGnBjYP7o9ndZXsVtCDazMLR1adlecL1aMMpNPA1qSG&api_action=domain.resource.list&DomainID=1099632'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
_resource_id='10481480'
mtd='GET'
ep='domain.resource.delete'
GET
url='https://api.linode.com/?api_key=Pqd2wdqWHOZJLi3EgVs12rGnBjYP7o9ndZXsVtCDazMLR1adlecL1aMMpNPA1qSG&api_action=domain.resource.delete&DomainID=1099632&ResourceID=10481480'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
_resource_id='10481480'
Domain resource successfully deleted.
_on_issue_err
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
url='https://acme-v02.api.letsencrypt.org/acme/challenge/9TIdf2dyY0CPOSrh1cneXusBJPuDmVKIXGKmf7hdt7k/6078679443'
payload='{"keyAuthorization": "Yu_-wnOTpalrwxxx_QaU5mlADxTN2FSdohmJEn3Tvkk.YqW3S_O-0qqNnc8DOoudRWA1iWt8j7hdfhqGyuwgH0c"}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/challenge/9TIdf2dyY0CPOSrh1cneXusBJPuDmVKIXGKmf7hdt7k/6078679443'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='400'
url='https://acme-v02.api.letsencrypt.org/acme/challenge/-ZDOGxosgC2EHH9RVcn4Xbk3PEMW9LYwTtJc80aM1GM/6078679440'
payload='{"keyAuthorization": "CUWr6AQSMJb6dIR4C_aFVnBUDqc3iYmTPq5xQTT_4SU.YqW3S_O-0qqNnc8DOoudRWA1iWt8j7hdfhqGyuwgH0c"}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/challenge/-ZDOGxosgC2EHH9RVcn4Xbk3PEMW9LYwTtJc80aM1GM/6078679440'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
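code='200'

Originally posted by realaaaaa on 2018-8-1 18:39:
I ran into a similar problem: every other domain is fine, but one domain just will not configure no matter what, and it reports that the TXT record is missing. Yet dig shows the TXT record is correct, generating the SSL certificate manually gives the same result, and third-party websites can all look up the TXT record.
It feels like there is a DNS cache here; I don't know how to force it to refresh ...

You're right, I also think it is a DNS cache problem.
But this cache is probably not the local machine's cache. How did you solve it in the end?

Originally posted by vBin on 2018-8-1 20:20:
You're right, I also think it is a DNS cache problem.
But this cache is probably not the local machine's cache. How did you solve it in the end?

Solved it by switching to a different DNS provider.

Originally posted by realaaaaa on 2018-8-2 09:57:
Solved it by switching to a different DNS provider.

Looking at the log,
url='https://acme-v02.api.letsencrypt.org/acme/challenge/9TIdf2dyY0CPOSrh1cneXusBJPuDmVKIXGKmf7hdt7k/6078679443'
it should be the letsencrypt.org site that is responsible for verifying the TXT record. Its DNS service cannot be changed.
You mean changing the DNS hosting for my own domain, right?
I am using a Linode VPS. Is there a DNS provider you would recommend? Thanks~

Originally posted by realaaaaa on 2018-8-2 09:57:
Solved it by switching to a different DNS provider.

I will try Godaddy a bit later.

Originally posted by vBin on 2018-8-2 11:00:
I will try Godaddy a bit later.

Yes. If your domain is a domestic (Chinese) one, you can try dnspod or cloudxns; either works.
I had a domain that dnspod suddenly could not handle, and switching to cloudxns fixed it.

Originally posted by realaaaaa on 2018-8-2 12:19:
Yes. If your domain is a domestic (Chinese) one, you can try dnspod or cloudxns; either works.
I had a domain that dnspod suddenly could not handle, and switching to cloudxns fixed it.

OK, thanks. The domain is being transferred now. I will report back with the result once it is done.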