Mailing List ecs-isp@2rosenthals.com Archived Message #843

From: "Lewis G Rosenthal" <ecs-isp@2rosenthals.com>
Subject: uacme and DNS challenge/response (was: Re: [eCS-ISP] Apache HTTPS)
Date: Fri, 16 Aug 2024 14:57:23 -0400
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

PMFJI (again)...

On 08/16/24 01:59 pm, Dan Napier, MS, CIH, CAC wrote:
Steven

Here is as far as I get. It is asking for a TXT line in the DNS server?
uacme.exe: challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/389433336946/-1Wx1w failed with status invalid
uacme.exe: the server reported the following error:
{
     "type": "urn:ietf:params:acme:error:dns",
     "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ns1.dnacih.com - check that a DNS record exists for this domain",
     "status": 400
}
uacme.exe: failed to authorize order at https://acme-v02.api.letsencrypt.org/acme/order/1887586636/295703974986


Dan, do you indeed have a TXT record defined as "_acme-challenge" under the domain you are querying (ns1.dnacih.com looks suspiciously like a host.domain name)? According to RFC8555, the TXT record should contain the digest value (SHA-256) of the key authorization.

Apparently, this lookup is not always required (a quick scan of the net indicates that for LE certs, the challenge is only used for wildcard certs).

Thus, uacme is not looking for a "TXT line" but a "TXT record" identified as "_acme-challenge" which does not seem to exist for the domain (according to dig).

A good reference:

https://www.rfc-editor.org/rfc/rfc8555.html#section-8.4

HTH

<snip>

--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
visit my IT blog                www.2rosenthals.net/wordpress
-------------------------------------------------------------
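As an added illustration of the RFC 8555 section 8.4 procedure Lewis describes (example code written for this archive page, not part of the thread and not uacme's own code): it derives the account-key thumbprint (RFC 7638), the `_acme-challenge` record name and the TXT value the CA will look for, and classifies what a resolver returned as missing, stale or correct. All tokens, thumbprints and the `example.com` identifier are constructed sample values.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 8555 requires throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of the ACME account key: SHA-256 over the
    canonical JSON (sorted keys, no whitespace) of the required members."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.4: the TXT record holds
    base64url(SHA-256(key authorization)), where the key authorization is
    the challenge token, a '.', and the account-key thumbprint."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def dns01_record_name(identifier: str) -> str:
    """The owner name the CA queries: '_acme-challenge.' prefixed to the
    identifier being validated (host or zone apex, exactly as ordered)."""
    return "_acme-challenge." + identifier.rstrip(".") + "."


def check_dns01(token: str, thumbprint: str, observed_txt: list) -> str:
    """Compare the TXT strings a resolver returned (e.g. from dig) with the
    value the CA expects. Returns 'missing', 'mismatch' or 'ok'."""
    expected = dns01_txt_value(token, thumbprint)
    if not observed_txt:
        return "missing"      # the NXDOMAIN / no-TXT case in the error above
    if expected in observed_txt:
        return "ok"
    return "mismatch"         # stale value from an earlier run, or wrong zone


if __name__ == "__main__":
    # Constructed sample inputs; real ones come from the ACME challenge
    # object and from the account key the client generated.
    sample_jwk = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
    thumb = jwk_thumbprint(sample_jwk)
    print(dns01_record_name("example.com"), dns01_txt_value("constructed-token", thumb))
    print(check_dns01("constructed-token", thumb, []))
```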

