Bind9 gives me error 'There was a problem with a DNS query during identifier validation'. Where to look for a solution?
P van Dijk
machlar at hotmail.com
Thu Sep 18 11:15:13 UTC 2025
Dear All,
Has anyone encountered the error message 'There was a problem with a DNS query during identifier validation' while trying to complete an ACME dns-01 challenge? If so, could you help me by pointing me towards a solution? I have tried multiple things but I am completely lost as to where the issue might reside. Google and the GitLab issue page do not show me any results.
My setup is the following three machines:
* ns1; running Bind9
* certificates; running Step CA
* testhost; Debian 12 on which I am trying to get a TLS certificate. (Once it works on the testhost, I would like to implement it on Truenas Scale. Meaning this Debian machine will be replaced by the machine running Truenas Scale.)
I want to get a TLS certificate on the testhost. To achieve this, I ran acme.sh and certbot on the testhost. Both result in the error message 'There was a problem with a DNS query during identifier validation'.
Please find below my configuration and commands run.
BIND9 configuration
named.conf.local
zone "myown.home" {
    type primary;
    file "/var/lib/bind/db.myown.home"; # Zone path file
    inline-signing yes;
    update-policy {
        grant myown_wildcard. name _acme-challenge.testhost.myown.home. txt;
    };
};
[redacted reversed-mapped zone]
/var/lib/bind/db.myown.home
$ORIGIN .
$TTL 86400 ; 1 day
myown.home      IN SOA  ns1.myown.home. info.myown.home. (
                        2025091716 ; serial
                        43200      ; refresh (12 hours)
                        900        ; retry (15 minutes)
                        345600     ; expire (4 days)
                        172800     ; minimum (2 days)
                        )
                NS      ns1.myown.home.
$ORIGIN myown.home.
testhost        A       [redacted].23
ns1             A       [redacted].21
certificates    A       [redacted].22
Step CA configuration
[redacted step path]/config/ca.json
  "root": "/[redacted step path]/certs/root_ca.crt",
  "federatedRoots": null,
  "crt": "/[redacted step path]/certs/intermediate_ca.crt",
  "key": "/[redacted step path]/secrets/intermediate_ca_key",
  "address": ":443",
  "insecureAddress": "",
  "dnsNames": [
    "[redacted].22",
    "certificates.myown.home"
  ],
  "logger": {
    "format": "text"
  },
  "db": {
    "type": "badgerv2",
    "dataSource": "/etc/step-ca/db",
    "badgerFileLoadingMode": ""
  },
  "authority": {
    "provisioners": [
      ...
      {
        "type": "ACME",
        "name": "acme-dns",
        "challenges": [
          "dns-01"
        ],
        "claims": {
          "enableSSHCA": false,
          "disableRenewal": false,
          "allowRenewalAfterExpiry": false,
          "disableSmallstepExtensions": false
        },
        "options": {
          "x509": {},
          "ssh": {}
        }
      }
      ...
WORKFLOW
On the testhost I ran (as root) the following command to start the flow.
.acme.sh/acme.sh --issue --dns dns_nsupdate -d 'testhost.myown.home' --server https://[redacted].22/acme/acme/directory --dnssleep 300
REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/myown_root_ca.crt certbot certonly --dns-rfc2136 --dns-rfc2136-credentials certbot.ini -d testhost.myown.home --server https://[redacted].22/acme/acme/directory
This resulted in the following output (example for acme.sh).
[Wed Sep 17 12:49:03 PM CEST 2025] Using CA: https://[redacted].22/acme/acme/directory
[Wed Sep 17 12:49:03 PM CEST 2025] Account key creation OK.
[Wed Sep 17 12:49:04 PM CEST 2025] Registering account: https://[redacted].22/acme/acme/directory
[Wed Sep 17 12:49:04 PM CEST 2025] Registered
[Wed Sep 17 12:49:04 PM CEST 2025] ACCOUNT_THUMBPRINT='7juVi3uRQTaf2qUTEvOB9faQfCjoNUHUNj-VFxyC284'
[Wed Sep 17 12:49:04 PM CEST 2025] Creating domain key
[Wed Sep 17 12:49:04 PM CEST 2025] The domain key is here: /root/.acme.sh/testhost.myown.home_ecc/testhost.myown.home.key
[Wed Sep 17 12:49:04 PM CEST 2025] Single domain='testhost.myown.home'
[Wed Sep 17 12:49:05 PM CEST 2025] Getting webroot for domain='testhost.myown.home'
[Wed Sep 17 12:49:05 PM CEST 2025] Adding TXT value: JtLRfxGl3S0WZoYaVYJ3BWZCIk011AhHsu-WircaITk for domain: _acme-challenge.testhost.myown.home
[Wed Sep 17 12:49:05 PM CEST 2025] adding _acme-challenge.testhost.myown.home. 600 in txt "JtLRfxGl3S0WZoYaVYJ3BWZCIk011AhHsu-WircaITk"
[Wed Sep 17 12:49:05 PM CEST 2025] The TXT record has been successfully added.
[Wed Sep 17 12:49:05 PM CEST 2025] Sleeping for 300 seconds to wait for the the TXT records to take effect
[Wed Sep 17 12:54:07 PM CEST 2025] Verifying: testhost.myown.home
[Wed Sep 17 12:54:07 PM CEST 2025] Pending. The CA is processing your order, please wait. (1/30)
[Wed Sep 17 12:54:11 PM CEST 2025] Pending. The CA is processing your order, please wait. (2/30)
[Wed Sep 17 12:54:14 PM CEST 2025] Pending. The CA is processing your order, please wait. (3/30)
[Wed Sep 17 12:54:17 PM CEST 2025] Pending. The CA is processing your order, please wait. (4/30)
[Wed Sep 17 12:54:21 PM CEST 2025] Pending. The CA is processing your order, please wait. (5/30)
[Wed Sep 17 12:54:24 PM CEST 2025] Pending. The CA is processing your order, please wait. (6/30)
[Wed Sep 17 12:54:27 PM CEST 2025] Pending. The CA is processing your order, please wait. (7/30)
[Wed Sep 17 12:54:30 PM CEST 2025] Pending. The CA is processing your order, please wait. (8/30)
[Wed Sep 17 12:54:34 PM CEST 2025] Pending. The CA is processing your order, please wait. (9/30)
[Wed Sep 17 12:54:37 PM CEST 2025] Pending. The CA is processing your order, please wait. (10/30)
[Wed Sep 17 12:54:40 PM CEST 2025] Pending. The CA is processing your order, please wait. (11/30)
[Wed Sep 17 12:54:43 PM CEST 2025] Pending. The CA is processing your order, please wait. (12/30)
[Wed Sep 17 12:54:47 PM CEST 2025] Pending. The CA is processing your order, please wait. (13/30)
[Wed Sep 17 12:54:50 PM CEST 2025] Pending. The CA is processing your order, please wait. (14/30)
[Wed Sep 17 12:54:53 PM CEST 2025] Pending. The CA is processing your order, please wait. (15/30)
[Wed Sep 17 12:54:57 PM CEST 2025] Pending. The CA is processing your order, please wait. (16/30)
[Wed Sep 17 12:55:00 PM CEST 2025] Pending. The CA is processing your order, please wait. (17/30)
[Wed Sep 17 12:55:03 PM CEST 2025] Pending. The CA is processing your order, please wait. (18/30)
[Wed Sep 17 12:55:06 PM CEST 2025] Pending. The CA is processing your order, please wait. (19/30)
[Wed Sep 17 12:55:10 PM CEST 2025] Pending. The CA is processing your order, please wait. (20/30)
[Wed Sep 17 12:55:13 PM CEST 2025] Pending. The CA is processing your order, please wait. (21/30)
[Wed Sep 17 12:55:16 PM CEST 2025] Pending. The CA is processing your order, please wait. (22/30)
[Wed Sep 17 12:55:20 PM CEST 2025] Pending. The CA is processing your order, please wait. (23/30)
[Wed Sep 17 12:55:23 PM CEST 2025] Pending. The CA is processing your order, please wait. (24/30)
[Wed Sep 17 12:55:26 PM CEST 2025] Pending. The CA is processing your order, please wait. (25/30)
[Wed Sep 17 12:55:29 PM CEST 2025] Pending. The CA is processing your order, please wait. (26/30)
[Wed Sep 17 12:55:33 PM CEST 2025] Pending. The CA is processing your order, please wait. (27/30)
[Wed Sep 17 12:55:36 PM CEST 2025] Pending. The CA is processing your order, please wait. (28/30)
[Wed Sep 17 12:55:39 PM CEST 2025] Pending. The CA is processing your order, please wait. (29/30)
[Wed Sep 17 12:55:42 PM CEST 2025] testhost.myown.home: Timeout
[Wed Sep 17 12:55:42 PM CEST 2025] Removing DNS records.
[Wed Sep 17 12:55:42 PM CEST 2025] Removing txt: JtLRfxGl3S0WZoYaVYJ3BWZCIk011AhHsu-WircaITk for domain: _acme-challenge.testhost.myown.home
[Wed Sep 17 12:55:43 PM CEST 2025] removing _acme-challenge.testhost.myown.home. txt
[Wed Sep 17 12:55:43 PM CEST 2025] Successfully removed
[Wed Sep 17 12:55:43 PM CEST 2025] Please add '--debug' or '--log' to see more information.
[Wed Sep 17 12:55:43 PM CEST 2025] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
At 12.49 PM, when ACME.sh registered the account and added the TXT message, I got the following in the journalctl on certificates.myown.home:
{
"__CURSOR" : "s=5819b12a49b64582a726181e92d271cb;i=10fb;b=013473d30295440782ff29490d3dc9fe;m=2d2ac928bed;t=63efcfc2c08c2;x=efdcb09f0f131d1e",
"_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file /[redacted step path]/secrets/password",
"_GID" : "996",
"_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
"_CAP_EFFECTIVE" : "400",
"__REALTIME_TIMESTAMP" : "1758106143688898",
"_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
"_SYSTEMD_UNIT" : "step-ca.service",
"_UID" : "999",
"SYSLOG_IDENTIFIER" : "step-ca",
"_PID" : "2226",
"_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
"_SELINUX_CONTEXT" : "unconfined\n",
"SYSLOG_FACILITY" : "3",
"_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
"_EXE" : "/usr/bin/step-ca",
"_RUNTIME_SCOPE" : "system",
"_SYSTEMD_CGROUP" : "/system.slice/step-ca.service",
"_HOSTNAME" : "certificates",
"_COMM" : "step-ca",
"__MONOTONIC_TIMESTAMP" : "3103861672941",
"_SYSTEMD_SLICE" : "system.slice",
"MESSAGE" : "time=\"2025-09-17T12:49:03+02:00\" level=info duration=\"58.755µs\" duration-ns=58755 fields.time=\"2025-09-17T12:49:03+02:00\" method=GET name=ca path=/acme/acme/directory protocol=HTTP/2.0 referer= remote-address=[redacted].23 request-id=a4421749-4cbd-4128-a22a-3de5ce439a4e response=\"{\\\"newNonce\\\":\\\"https://[redacted].22/acme/acme/new-nonce\\\",\\\"newAccount\\\":\\\"https://[redacted].22/acme/acme/new-account\\\",\\\"newOrder\\\":\\\"https://[redacted].22/acme/acme/new-order\\\",\\\"revokeCert\\\":\\\"https://[redacted].22/acme/acme/revoke-cert\\\",\\\"keyChange\\\":\\\"https://[redacted].22/acme/acme/key-change\\\"}\" size=282 status=200 user-agent=\"acme.sh/3.1.2 (https://github.com/acmesh-official/acme.sh)\" user-id=",
"PRIORITY" : "6",
"_TRANSPORT" : "stdout"
}
{
"_PID" : "2226",
"_SYSTEMD_UNIT" : "step-ca.service",
"_COMM" : "step-ca",
"_GID" : "996",
"_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file /[redacted step path]/secrets/password",
"MESSAGE" : "time=\"2025-09-17T12:49:04+02:00\" level=info duration=3.178139ms duration-ns=3178139 fields.time=\"2025-09-17T12:49:04+02:00\" method=HEAD name=ca nonce=UzROdnlhVXc2SHVnbkZOV1YxTVFlamxzV3U3ZVhFa0I path=/acme/acme/new-nonce protocol=HTTP/2.0 referer= remote-address=[redacted].23 request-id=0063c780-2e22-4b3c-b0e3-e0a9e211619b size=0 status=200 user-agent=\"acme.sh/3.1.2 (https://github.com/acmesh-official/acme.sh)\" user-id=",
"__CURSOR" : "s=5819b12a49b64582a726181e92d271cb;i=10fc;b=013473d30295440782ff29490d3dc9fe;m=2d2ac998662;t=63efcfc330336;x=dab3e11aced4bad7",
"_UID" : "999",
"SYSLOG_FACILITY" : "3",
"_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
"SYSLOG_IDENTIFIER" : "step-ca",
"_CAP_EFFECTIVE" : "400",
"_SYSTEMD_SLICE" : "system.slice",
"_HOSTNAME" : "certificates",
"_EXE" : "/usr/bin/step-ca",
"_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
"_RUNTIME_SCOPE" : "system",
"__REALTIME_TIMESTAMP" : "1758106144146230",
"__MONOTONIC_TIMESTAMP" : "3103862130274",
"_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
"PRIORITY" : "6",
"_SELINUX_CONTEXT" : "unconfined\n",
"_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
"_TRANSPORT" : "stdout",
"_SYSTEMD_CGROUP" : "/system.slice/step-ca.service"
}
{
"PRIORITY" : "6",
"_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
"_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
"SYSLOG_IDENTIFIER" : "step-ca",
"_EXE" : "/usr/bin/step-ca",
"_SYSTEMD_CGROUP" : "/system.slice/step-ca.service",
"__REALTIME_TIMESTAMP" : "1758106144332324",
"_SYSTEMD_SLICE" : "system.slice",
"__MONOTONIC_TIMESTAMP" : "3103862316368",
"_GID" : "996",
"_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
"_HOSTNAME" : "certificates",
"_COMM" : "step-ca",
"MESSAGE" : "time=\"2025-09-17T12:49:04+02:00\" level=info duration=10.229178ms duration-ns=10229178 fields.time=\"2025-09-17T12:49:04+02:00\" method=POST name=ca nonce=SWEwNVFNczcySlBlZUhwcFNpald0TmJrUEdEekh3V3g path=/acme/acme/new-account protocol=HTTP/2.0 referer= remote-address=[redacted].23 request-id=3be4d4bb-5479-4904-8b73-b53f0fbbb150 response=\"{\\\"contact\\\":[\\\"mailto:test at test.com\\\"],\\\"status\\\":\\\"valid\\\",\\\"orders\\\":\\\"https://[redacted].22/acme/acme/account/6J2ZJJSxnYO27u6bpFUtBrJ1CCtHkfcA/orders\\\"}\" size=144 status=201 user-agent=\"acme.sh/3.1.2 (https://github.com/acmesh-official/acme.sh)\" user-id=",
"_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
"_SELINUX_CONTEXT" : "unconfined\n",
"_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file /[redacted step path]/secrets/password",
"_RUNTIME_SCOPE" : "system",
"_CAP_EFFECTIVE" : "400",
"_TRANSPORT" : "stdout",
"_SYSTEMD_UNIT" : "step-ca.service",
"_UID" : "999",
"SYSLOG_FACILITY" : "3",
"_PID" : "2226",
"__CURSOR" : "s=5819b12a49b64582a726181e92d271cb;i=10fd;b=013473d30295440782ff29490d3dc9fe;m=2d2ac9c5d50;t=63efcfc35da24;x=8d727976330d3e21"
}
{
"_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
"_COMM" : "step-ca",
"_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
"_HOSTNAME" : "certificates",
"_TRANSPORT" : "stdout",
"_GID" : "996",
"_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file /[redacted step path]/secrets/password",
"_UID" : "999",
"SYSLOG_FACILITY" : "3",
"_SYSTEMD_UNIT" : "step-ca.service",
"_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
"_PID" : "2226",
"PRIORITY" : "6",
"_SYSTEMD_CGROUP" : "/system.slice/step-ca.service",
"_CAP_EFFECTIVE" : "400",
"__MONOTONIC_TIMESTAMP" : "3103862794284",
"_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
"__REALTIME_TIMESTAMP" : "1758106144810241",
"_SYSTEMD_SLICE" : "system.slice",
"SYSLOG_IDENTIFIER" : "step-ca",
"_EXE" : "/usr/bin/step-ca",
"_SELINUX_CONTEXT" : "unconfined\n",
"__CURSOR" : "s=5819b12a49b64582a726181e92d271cb;i=10fe;b=013473d30295440782ff29490d3dc9fe;m=2d2aca3a82c;t=63efcfc3d2501;x=d6ac118a2c53c6a4",
"_RUNTIME_SCOPE" : "system",
"MESSAGE" : "time=\"2025-09-17T12:49:04+02:00\" level=info duration=17.863338ms duration-ns=17863338 fields.time=\"2025-09-17T12:49:04+02:00\" method=POST name=ca nonce=RmJ1Z0RkY0JXQk9LaEdLcU9PdDZId2NXUW5xcUdqekQ path=/acme/acme/new-order protocol=HTTP/2.0 referer= remote-address=[redacted].23 request-id=3f8bd00e-6c59-4de8-b5b4-2c51cf2f6bd8 response=\"{\\\"id\\\":\\\"OnEbnpn9KtE5yH27Oflg3BZwTBns4x7t\\\",\\\"status\\\":\\\"pending\\\",\\\"expires\\\":\\\"2025-09-18T10:49:04Z\\\",\\\"identifiers\\\":[{\\\"type\\\":\\\"dns\\\",\\\"value\\\":\\\"testhost.myown.home\\\"}],\\\"notBefore\\\":\\\"2025-09-17T10:48:04Z\\\",\\\"notAfter\\\":\\\"2025-09-18T10:49:04Z\\\",\\\"authorizations\\\":[\\\"https://[redacted].22/acme/acme/authz/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7\\\"],\\\"finalize\\\":\\\"https://[redacted].22/acme/acme/order/OnEbnpn9KtE5yH27Oflg3BZwTBns4x7t/finalize\\\"}\" size=414 status=201 user-agent=\"acme.sh/3.1.2 (https://github.com/acmesh-official/acme.sh)\" user-id="
}
{
"_EXE" : "/usr/bin/step-ca",
"_SELINUX_CONTEXT" : "unconfined\n",
"_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
"_CAP_EFFECTIVE" : "400",
"_PID" : "2226",
"SYSLOG_IDENTIFIER" : "step-ca",
"_GID" : "996",
"SYSLOG_FACILITY" : "3",
"_RUNTIME_SCOPE" : "system",
"__CURSOR" : "s=5819b12a49b64582a726181e92d271cb;i=10ff;b=013473d30295440782ff29490d3dc9fe;m=2d2aca7f1fb;t=63efcfc416ed0;x=8c246ed311a302e",
"_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
"_COMM" : "step-ca",
"MESSAGE" : "time=\"2025-09-17T12:49:05+02:00\" level=info duration=5.975201ms duration-ns=5975201 fields.time=\"2025-09-17T12:49:05+02:00\" method=POST name=ca nonce=R3JoSUljRVU0cU5HcGhQeDdwRWJvV2o0RG9EQnBWdlg path=/acme/acme/authz/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7 protocol=HTTP/2.0 referer= remote-address=[redacted].23 request-id=21a5b8f1-2e06-4270-9c78-36756eed0454 response=\"{\\\"identifier\\\":{\\\"type\\\":\\\"dns\\\",\\\"value\\\":\\\"testhost.myown.home\\\"},\\\"status\\\":\\\"pending\\\",\\\"challenges\\\":[{\\\"type\\\":\\\"dns-01\\\",\\\"status\\\":\\\"pending\\\",\\\"token\\\":\\\"MjJKsBOb7QhF8NLH9OUNgVzfNNXky6rh\\\",\\\"url\\\":\\\"https://[redacted].22/acme/acme/challenge/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7/n5wxEJwQaiIUZVtShgqh9Tzu0ypHe92V\\\"},{\\\"type\\\":\\\"http-01\\\",\\\"status\\\":\\\"pending\\\",\\\"token\\\":\\\"MjJKsBOb7QhF8NLH9OUNgVzfNNXky6rh\\\",\\\"url\\\":\\\"https://[redacted].22/acme/acme/challenge/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7/zoCrJwaGduKM01OzNFwmk0pUate4MWpp\\\"}],\\\"wildcard\\\":false,\\\"expires\\\":\\\"2025-09-18T10:49:04Z\\\"}\" size=542 status=200 user-agent=\"acme.sh/3.1.2 (https://github.com/acmesh-official/acme.sh)\" user-id=",
"__MONOTONIC_TIMESTAMP" : "3103863075323",
"_SYSTEMD_SLICE" : "system.slice",
"_HOSTNAME" : "certificates",
"_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
"PRIORITY" : "6",
"_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
"_SYSTEMD_CGROUP" : "/system.slice/step-ca.service",
"__REALTIME_TIMESTAMP" : "1758106145091280",
"_TRANSPORT" : "stdout",
"_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file /[redacted step path]/secrets/password",
"_SYSTEMD_UNIT" : "step-ca.service",
"_UID" : "999"
}
While the ACME.sh script slept for 300 seconds, I ran the following on the DNS server to verify that the TXT record was added correctly: dig @192.168.2.21 TXT _acme-challenge.testhost.myown.home.
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> @[redacted].21 TXT _acme-challenge.testhost.myown.home.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37924
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: db03a0646b58f1cf0100000068ca92262d763b3f9b6e48a7 (good)
;; QUESTION SECTION:
;_acme-challenge.testhost.myown.home. IN TXT
;; ANSWER SECTION:
_acme-challenge.testhost.myown.home. 600 IN TXT "JtLRfxGl3S0WZoYaVYJ3BWZCIk011AhHsu-WircaITk"
;; Query time: 0 msec
;; SERVER: [redacted].21#53([redacted].21) (UDP)
;; WHEN: Wed Sep 17 12:49:10 CEST 2025
;; MSG SIZE rcvd: 155
From 12.54 PM, when ACME.sh tried to verify the FQDN testhost.myown.home, I got the following output in the journalctl of the PKI for each of the 30 attempts:
{
"_CAP_EFFECTIVE" : "400",
"__MONOTONIC_TIMESTAMP" : "3104165836085",
"_SYSTEMD_UNIT" : "step-ca.service",
"_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
"PRIORITY" : "6",
"_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
"_SYSTEMD_CGROUP" : "/system.slice/step-ca.service",
"_PID" : "2226",
"__REALTIME_TIMESTAMP" : "1758106447852041",
"SYSLOG_FACILITY" : "3",
"_RUNTIME_SCOPE" : "system",
"_HOSTNAME" : "certificates",
"_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file /[redacted step path]/secrets/password",
"_TRANSPORT" : "stdout",
"_COMM" : "step-ca",
"MESSAGE" : "time=\"2025-09-17T12:54:07+02:00\" level=info duration=20.569994ms duration-ns=20569994 fields.time=\"2025-09-17T12:54:07+02:00\" method=POST name=ca nonce=M3dsVFlIV2dOR2ZNc0w4RlBkNjV4S3RxTGROMVdQZnE path=/acme/acme/challenge/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7/n5wxEJwQaiIUZVtShgqh9Tzu0ypHe92V protocol=HTTP/2.0 referer= remote-address=[redacted].23 request-id=cab15bca-630d-471e-953a-2e83afb36dfd response=\"{\\\"type\\\":\\\"dns-01\\\",\\\"status\\\":\\\"pending\\\",\\\"token\\\":\\\"MjJKsBOb7QhF8NLH9OUNgVzfNNXky6rh\\\",\\\"url\\\":\\\"https://[redacted].22/acme/acme/challenge/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7/n5wxEJwQaiIUZVtShgqh9Tzu0ypHe92V\\\",\\\"error\\\":{\\\"type\\\":\\\"urn:ietf:params:acme:error:dns\\\",\\\"detail\\\":\\\"There was a problem with a DNS query during identifier validation\\\"}}\" size=322 status=200 user-agent=\"acme.sh/3.1.2 (https://github.com/acmesh-official/acme.sh)\" user-id=",
"_EXE" : "/usr/bin/step-ca",
"SYSLOG_IDENTIFIER" : "step-ca",
"_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
"_UID" : "999",
"_GID" : "996",
"_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
"_SELINUX_CONTEXT" : "unconfined\n",
"__CURSOR" : "s=5819b12a49b64582a726181e92d271cb;i=1100;b=013473d30295440782ff29490d3dc9fe;m=2d2beb3b535;t=63efd0e4d3209;x=4b57da03825cd994",
"_SYSTEMD_SLICE" : "system.slice"
}
{
"__CURSOR" : "s=5819b12a49b64582a726181e92d271cb;i=1101;b=013473d30295440782ff29490d3dc9fe;m=2d2bee58f91;t=63efd0e7f0c65;x=a9161de4e298eae5",
"_RUNTIME_SCOPE" : "system",
"_SYSTEMD_CGROUP" : "/system.slice/step-ca.service",
"SYSLOG_IDENTIFIER" : "step-ca",
"_COMM" : "step-ca",
"_SYSTEMD_SLICE" : "system.slice",
"_PID" : "2226",
"PRIORITY" : "6",
"_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file /[redacted step path]/secrets/password",
"_CAP_EFFECTIVE" : "400",
"__MONOTONIC_TIMESTAMP" : "3104169103249",
"_GID" : "996",
"SYSLOG_FACILITY" : "3",
"__REALTIME_TIMESTAMP" : "1758106451119205",
"_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
"_EXE" : "/usr/bin/step-ca",
"_UID" : "999",
"_SYSTEMD_UNIT" : "step-ca.service",
"_HOSTNAME" : "certificates",
"_SELINUX_CONTEXT" : "unconfined\n",
"_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
"_TRANSPORT" : "stdout",
"_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
"_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
"MESSAGE" : "time=\"2025-09-17T12:54:11+02:00\" level=info duration=5.976054ms duration-ns=5976054 fields.time=\"2025-09-17T12:54:11+02:00\" method=POST name=ca nonce=aU9venZXaHJBOGNKRlBYcUU1WkM5U0NiUmVtczlwckk path=/acme/acme/authz/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7 protocol=HTTP/2.0 referer= remote-address=[redacted].23 request-id=97b6d3c0-7f70-4aec-a83a-8949c26617c6 response=\"{\\\"identifier\\\":{\\\"type\\\":\\\"dns\\\",\\\"value\\\":\\\"testhost.myown.home\\\"},\\\"status\\\":\\\"pending\\\",\\\"challenges\\\":[{\\\"type\\\":\\\"dns-01\\\",\\\"status\\\":\\\"pending\\\",\\\"token\\\":\\\"MjJKsBOb7QhF8NLH9OUNgVzfNNXky6rh\\\",\\\"url\\\":\\\"https://[redacted].22/acme/acme/challenge/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7/n5wxEJwQaiIUZVtShgqh9Tzu0ypHe92V\\\",\\\"error\\\":{\\\"type\\\":\\\"urn:ietf:params:acme:error:dns\\\",\\\"detail\\\":\\\"There was a problem with a DNS query during identifier validation\\\"}},{\\\"type\\\":\\\"http-01\\\",\\\"status\\\":\\\"pending\\\",\\\"token\\\":\\\"MjJKsBOb7QhF8NLH9OUNgVzfNNXky6rh\\\",\\\"url\\\":\\\"https://[redacted].22/acme/acme/challenge/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7/zoCrJwaGduKM01OzNFwmk0pUate4MWpp\\\"}],\\\"wildcard\\\":false,\\\"expires\\\":\\\"2025-09-18T10:49:04Z\\\"}\" size=669 status=200 user-agent=\"acme.sh/3.1.2 (https://github.com/acmesh-official/acme.sh)\" user-id="
}
...This last message is repeated 29 times, for attempt 2 till 30 as shown in the output of the acme.sh...
Kind regards,
Vinvar
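
Added example, not part of the original post and not step-ca or acme.sh code: a filter that pulls the ACME challenge errors out of step-ca journal entries like the ones quoted above, so the urn:ietf:params:acme:error:dns responses stand out from the journald metadata. It assumes the one-object-per-line output of `journalctl -u step-ca -o json` rather than the pretty-printed form in the post, and that quoted log values use JSON-compatible escapes; the sample entries are constructed, with AUTHZ, CHALL and TOKEN as placeholders.

```python
import json
import re

# One logfmt pair: key=value, where value is a quoted string or a bare token.
_PAIR = re.compile(r'([\w.\-]+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_logfmt(message):
    """Split one step-ca text-format log line into a dict of fields."""
    fields = {}
    for key, raw in _PAIR.findall(message):
        if raw.startswith('"'):
            try:
                raw = json.loads(raw)  # assumption: escapes are JSON-compatible
            except ValueError:
                raw = raw[1:-1]        # otherwise keep the text between the quotes
        fields[key] = raw
    return fields


def acme_failures(journal_lines):
    """Return one record per ACME challenge error in `journalctl -o json` lines."""
    findings = []
    for line in journal_lines:
        try:
            fields = parse_logfmt(json.loads(line)["MESSAGE"])
            body = json.loads(fields["response"])
        except (ValueError, KeyError, TypeError):
            continue  # not JSON, no MESSAGE field, or no JSON response body
        if not isinstance(body, dict):
            continue
        # An authz response lists its challenges; a challenge response is one object.
        challenges = body.get("challenges")
        if not isinstance(challenges, list):
            challenges = [body]
        for ch in challenges:
            err = ch.get("error") if isinstance(ch, dict) else None
            if isinstance(err, dict):
                findings.append({
                    "time": fields.get("time"), "path": fields.get("path"),
                    "challenge": ch.get("type"), "status": ch.get("status"),
                    "error": err.get("type"), "detail": err.get("detail"),
                })
    return findings


def _entry(path, body, when):
    """Build one constructed journal line shaped like the entries in the post."""
    msg = (f'time="{when}" level=info method=POST name=ca path={path} '
           f'response={json.dumps(json.dumps(body))} status=200 '
           f'user-agent="acme.sh/3.1.2" user-id=')
    return json.dumps({"_SYSTEMD_UNIT": "step-ca.service", "MESSAGE": msg})

# Constructed sample input; AUTHZ, CHALL and TOKEN are placeholders.
DNS_ERR = {"type": "urn:ietf:params:acme:error:dns",
           "detail": "There was a problem with a DNS query during identifier validation"}
DNS01 = {"type": "dns-01", "status": "pending", "token": "TOKEN", "error": DNS_ERR}
HTTP01 = {"type": "http-01", "status": "pending", "token": "TOKEN"}
SAMPLE = [
    _entry("/acme/acme/new-order", {"status": "pending"}, "2025-09-17T12:49:04+02:00"),
    _entry("/acme/acme/challenge/AUTHZ/CHALL", DNS01, "2025-09-17T12:54:07+02:00"),
    _entry("/acme/acme/authz/AUTHZ", {"status": "pending", "challenges": [DNS01, HTTP01]},
           "2025-09-17T12:54:11+02:00"),
    "-- not a journal entry --",
]

if __name__ == "__main__":
    for h in acme_failures(SAMPLE):
        print(h["time"], h["path"], h["challenge"], h["error"])
```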