Score:0

Server

What commands can I use to simulate letsencrypt adding the TXT field to my server?

Alexis Wilke

6/22/23, 4:27 AM

I'm trying to debug my DNS setup for the letsencrypt challenge.

I understand that BIND9 may not be receiving the requests, although it was earlier in the day. The .jnl does not get created, unfortunately.

What I'd like to know is how can I send a request from a remote computer to eventually see what fails on the other end. What does letsencrypt do to send us a TXT field update? What command line command(s) can I run?

That would be an equivalent to the nsupdate command, but from a remote computer.

0 + 0

domain-name-system

bind

lets-encrypt

Score:3

Server

John Mahowald

6/22/23, 5:16 AM

Use Let's Encrypt staging environment with your ACME client of choice.

Test with staging first, to not get rate limited from production.

Note that it is not Let's Encrypt sending you DNS update requests, but the API tells you what they should be set to. Various clients have hooks to automate DNS. Read your favorite hooks and the nsupdate man page to get an idea of how they delete and add the TXT records, and if the DNS server is configurable.

0 + 0

Alexis Wilke

6/22/23, 5:55 AM

I'm definitely not anywhere near the limits. It gets stuck just before the "wait 60 sec. before checking TXT field"... as if it were trying to send the UDP packets but it looks like I never receive them. I can connect to the HTTPS servers `wget -S https://acme-v02.api.letsencrypt.org/directory` works (the test too).

John Mahowald

6/22/23, 1:02 PM

Let's Encrypt staging is useful for reasons other than the quotas. Separate rooted chain so certs issued with it are not nearly as valuable. Features are enabled in staging first.

Alexis Wilke

6/22/23, 6:12 PM

I now posted a question on the [letsencrypt forum](https://community.letsencrypt.org/t/certbot-gets-stuck-before-saying-waiting-60-seconds-for-dns-changes-to-propagate/172497/3). It feels like something is blocking the UDP packets from their end to my server. I don't see any other technical reasons to prevent the flow at the moment... I'll give the latest version a try, though.

Score:1

Server

vidarlo

6/22/23, 4:51 AM

That would be an equivalent to the nsupdate command, but from a remote computer.

nsupdate works from a remote computer.

Simply run nsupdate -k keyfile and issue the command server example.com when nsupdate has started to tell it which server to send updates to.

0 + 0

Alexis Wilke

6/22/23, 5:11 AM

Indeed! That worked just fine. I don't understand why letsencrypt gets stuck now... Hmmm...

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: What commands can I use to simulate letsencrypt adding the TXT field to my server?

TH: ฉันสามารถใช้คำสั่งใดเพื่อจำลอง letsencrypt โดยเพิ่มฟิลด์ TXT ลงในเซิร์ฟเวอร์ของฉัน

RO: Ce comenzi pot folosi pentru a simula letsencrypt adăugarea câmpului TXT la serverul meu?

RU: Какие команды я могу использовать для имитации letsencrypt добавления поля TXT на мой сервер?

VI: Tôi có thể sử dụng những lệnh nào để mô phỏng letencrypt thêm trường TXT vào máy chủ của mình?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.