> On 25 Oct 2021, at 06:39, Paul van der Vlis <p...@vandervlis.nl> wrote: > > Hello, > > I am trying to get Certbot working using rfc2136. But during the validation I > get these errors: > ------- > Oct 24 02:14:21 ns1 named[343]: client @0x7f70e43b7d08 > 45.95.238.187#57242/key test3.hallo24.nl: updating zone 'hallo24.nl/IN' > : adding an RR at '_acme-challenge.test3.hallo24.nl' TXT > "qYxXiH34V8T0lFtsUOd_BPMZCBiA-FgAiJ-0nUGHsYE" > Oct 24 02:14:21 ns1 named[343]: dns_dnssec_findzonekeys2: error reading > Khallo24.nl.+013+02962.private: file not found > Oct 24 02:14:21 ns1 named[343]: dns_dnssec_findzonekeys2: error reading > Khallo24.nl.+013+01290.private: file not found > ------- > > These files are in /etc/bind/keys/, and normally that's no problem. > > I've tried to specify the "key-directory" in the bind configuration, but when > I do that I get an error during "rndc reload", so I cannot specify a > key-directory. This is Bind 9.16.15 from Debian 11. > > What do I wrong?
Failed to post the actual error messages reported. Named would have logged error messages. Failed to post what you actually did. “I tried to specify the "key-directory" in the bind configuration” is not what you actually did. Post the parts of named.conf. Failed to run named-checkconf before you ran 'rndc reload’ to check that you didn’t have an error. How do you start named? Do you run chrooted? At the moment you are saying “I did something. It didn’t work. Tell me what I did wrong.” Without crystal balls no one here has a chance of telling you. > Does somebody know a good howto to get this working? I use now this: > https://certbot-dns-rfc2136.readthedocs.io/en/stable/ > but in my opinion it's not complete enough. > > With regards, > Paul > > > > > > > > -- > Paul van der Vlis Linux systeembeheer Groningen > https://www.vandervlis.nl/ > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
