.HOME does not exist so you will NEVER get a CERT for a .HOME name.
Use registered names.

Mark

> On 18 Sep 2025, at 13:15, P van Dijk <mach...@hotmail.com> wrote:
> 
> Dear All,
>  Has anyone encountered the error message ‘There was a problem with a DNS 
> query during identifier validation’ while trying to complete an ACME dns-01 
> challenge? If so, could you help me by pointing me towards a solution? I have 
> tried multiple things but I am completely lost as to where the issue might reside. 
> Google and the GitLab issue page do not show me any results.
>  My setup is the following three machines:
>     • ns1; running Bind9
>     • certificates; running Step CA
>     • testhost; Debian 12 on which I am trying to get a TLS certificate. 
> (Once it works on the testhost, I would like to implement it on Truenas 
> Scale. Meaning this Debian machine will be replaced by the machine running 
> Truenas Scale.)
>  I want to get a TLS certificate on the testhost. To achieve this, I ran 
> acme.sh and certbot on the testhost. Both result in the error message ‘There 
> was a problem with a DNS query during identifier validation’.
>  Please find below my configuration and commands run.
>  BIND9 configuration
> named.conf.local
>         zone "myown.home" {
>           type primary;
>           file "/var/lib/bind/db.myown.home"; # Zone path file
>           inline-signing yes;
>           update-policy {
>             grant myown_wildcard. name _acme-challenge.testhost.myown.home. txt;
>           };
>         };
>          [redacted reversed-mapped zone]
>  /var/lib/bind/db.myown.home
>         $ORIGIN .
>         $TTL 86400      ; 1 day
>         myown.home     IN SOA  ns1.myown.home. info.myown.home. (
>                                         2025091716 ; serial
>                                         43200            ; refresh (12 hours)
>                                         900                ; retry (15 minutes)
>                                         345600         ; expire (4 days)
>                                         172800         ; minimum (2 days)
>                                         )
>                                 NS      ns1.myown.home.
>         $ORIGIN myown.home.
>         testhost         A       [redacted].23
>         ns1                 A       [redacted].21
>         certificates    A       [redacted].22
>  Step CA configuration
> [redacted step path]/config/ca.json
>         "root": "/[redacted step path]/certs/root_ca.crt",
>         "federatedRoots": null,
>         "crt": "/[redacted step path]/certs/intermediate_ca.crt",
>         "key": "/[redacted step path]/secrets/intermediate_ca_key",
>         "address": ":443",
>         "insecureAddress": "",
>         "dnsNames": [
>                 "[redacted].22",
>                 "certificates.myown.home"
>         ],
>         "logger": {
>                 "format": "text"
>         },
>         "db": {
>                 "type": "badgerv2",
>                 "dataSource": "/etc/step-ca/db",
>                 "badgerFileLoadingMode": ""
>         },
>         "authority": {
>                 "provisioners": [
> …
>                         {
>                                 "type": "ACME",
>                                 "name": "acme-dns",
>                                 "challenges": [
>                                         "dns-01"
>                                 ],
>                                 "claims": {
>                                         "enableSSHCA": false,
>                                         "disableRenewal": false,
>                                         "allowRenewalAfterExpiry": false,
>                                         "disableSmallstepExtensions": false
>                                 },
>                                 "options": {
>                                         "x509": {},
>                                         "ssh": {}
>                                 }
>                         }
> …
>   WORKFLOW
> On the testhost I ran (as root) the following command to start the flow.
> .acme.sh/acme.sh --issue --dns dns_nsupdate -d 'testhost.myown.home' 
> --server https://[redacted].22/acme/acme/directory --dnssleep 300
> REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/myown_root_ca.crt certbot 
> certonly --dns-rfc2136 --dns-rfc2136-credentials certbot.ini -d 
> testhost.myown.home --server https://[redacted].22/acme/acme/directory
>  This resulted in the following output (example for acme.sh).
> [Wed Sep 17 12:49:03 PM CEST 2025] Using CA: 
> https://[redacted].22/acme/acme/directory
> [Wed Sep 17 12:49:03 PM CEST 2025] Account key creation OK.
> [Wed Sep 17 12:49:04 PM CEST 2025] Registering 
> account:https://[redacted].22/acme/acme/directory
> [Wed Sep 17 12:49:04 PM CEST 2025] Registered
> [Wed Sep 17 12:49:04 PM CEST 2025] 
> ACCOUNT_THUMBPRINT='7juVi3uRQTaf2qUTEvOB9faQfCjoNUHUNj-VFxyC284'
> [Wed Sep 17 12:49:04 PM CEST 2025] Creating domain key
> [Wed Sep 17 12:49:04 PM CEST 2025] The domain key is here: 
> /root/.acme.sh/testhost.myown.home_ecc/testhost.myown.home.key
> [Wed Sep 17 12:49:04 PM CEST 2025] Single domain='testhost.myown.home'
> [Wed Sep 17 12:49:05 PM CEST 2025] Getting webroot for 
> domain='testhost.myown.home'
> [Wed Sep 17 12:49:05 PM CEST 2025] Adding TXT value: 
> JtLRfxGl3S0WZoYaVYJ3BWZCIk011AhHsu-WircaITk for domain: 
> _acme-challenge.testhost.myown.home
> [Wed Sep 17 12:49:05 PM CEST 2025] adding 
> _acme-challenge.testhost.myown.home. 600 in txt 
> "JtLRfxGl3S0WZoYaVYJ3BWZCIk011AhHsu-WircaITk"
> [Wed Sep 17 12:49:05 PM CEST 2025] The TXT record has been successfully added.
> [Wed Sep 17 12:49:05 PM CEST 2025] Sleeping for 300 seconds to wait for the 
> the TXT records to take effect
> [Wed Sep 17 12:54:07 PM CEST 2025] Verifying: testhost.myown.home
> [Wed Sep 17 12:54:07 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (1/30)
> [Wed Sep 17 12:54:11 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (2/30)
> [Wed Sep 17 12:54:14 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (3/30)
> [Wed Sep 17 12:54:17 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (4/30)
> [Wed Sep 17 12:54:21 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (5/30)
> [Wed Sep 17 12:54:24 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (6/30)
> [Wed Sep 17 12:54:27 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (7/30)
> [Wed Sep 17 12:54:30 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (8/30)
> [Wed Sep 17 12:54:34 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (9/30)
> [Wed Sep 17 12:54:37 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (10/30)
> [Wed Sep 17 12:54:40 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (11/30)
> [Wed Sep 17 12:54:43 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (12/30)
> [Wed Sep 17 12:54:47 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (13/30)
> [Wed Sep 17 12:54:50 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (14/30)
> [Wed Sep 17 12:54:53 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (15/30)
> [Wed Sep 17 12:54:57 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (16/30)
> [Wed Sep 17 12:55:00 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (17/30)
> [Wed Sep 17 12:55:03 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (18/30)
> [Wed Sep 17 12:55:06 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (19/30)
> [Wed Sep 17 12:55:10 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (20/30)
> [Wed Sep 17 12:55:13 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (21/30)
> [Wed Sep 17 12:55:16 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (22/30)
> [Wed Sep 17 12:55:20 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (23/30)
> [Wed Sep 17 12:55:23 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (24/30)
> [Wed Sep 17 12:55:26 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (25/30)
> [Wed Sep 17 12:55:29 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (26/30)
> [Wed Sep 17 12:55:33 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (27/30)
> [Wed Sep 17 12:55:36 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (28/30)
> [Wed Sep 17 12:55:39 PM CEST 2025] Pending. The CA is processing your order, 
> please wait. (29/30)
> [Wed Sep 17 12:55:42 PM CEST 2025] testhost.myown.home: Timeout
> [Wed Sep 17 12:55:42 PM CEST 2025] Removing DNS records.
> [Wed Sep 17 12:55:42 PM CEST 2025] Removing txt: 
> JtLRfxGl3S0WZoYaVYJ3BWZCIk011AhHsu-WircaITk for domain: 
> _acme-challenge.testhost.myown.home
> [Wed Sep 17 12:55:43 PM CEST 2025] removing 
> _acme-challenge.testhost.myown.home. txt
> [Wed Sep 17 12:55:43 PM CEST 2025] Successfully removed
> [Wed Sep 17 12:55:43 PM CEST 2025] Please add '--debug' or '--log' to see 
> more information.
> [Wed Sep 17 12:55:43 PM CEST 2025] See: 
> https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
>   At 12:49 PM, when acme.sh registered the account and added the TXT 
> record, I got the following in the journalctl on certificates.myown.home:
> {
>         "__CURSOR" : 
> "s=5819b12a49b64582a726181e92d271cb;i=10fb;b=013473d30295440782ff29490d3dc9fe;m=2d2ac928bed;t=63efcfc2c08c2;x=efdcb09f0f131d1e",
>         "_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file 
> /[redacted step path]/secrets/password",
>         "_GID" : "996",
>         "_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
>         "_CAP_EFFECTIVE" : "400",
>         "__REALTIME_TIMESTAMP" : "1758106143688898",
>         "_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
>         "_SYSTEMD_UNIT" : "step-ca.service",
>         "_UID" : "999",
>         "SYSLOG_IDENTIFIER" : "step-ca",
>         "_PID" : "2226",
>         "_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
>         "_SELINUX_CONTEXT" : "unconfined\n",
>         "SYSLOG_FACILITY" : "3",
>         "_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
>         "_EXE" : "/usr/bin/step-ca",
>         "_RUNTIME_SCOPE" : "system",
>         "_SYSTEMD_CGROUP" : "/system.slice/step-ca.service",
>         "_HOSTNAME" : "certificates",
>         "_COMM" : "step-ca",
>         "__MONOTONIC_TIMESTAMP" : "3103861672941",
>         "_SYSTEMD_SLICE" : "system.slice",
>         "MESSAGE" : "time=\"2025-09-17T12:49:03+02:00\" level=info 
> duration=\"58.755µs\" duration-ns=58755 
> fields.time=\"2025-09-17T12:49:03+02:00\" method=GET name=ca 
> path=/acme/acme/directory protocol=HTTP/2.0 referer= 
> remote-address=[redacted].23 request-id=a4421749-4cbd-4128-a22a-3de5ce439a4e 
> response=\"{\\\"newNonce\\\":\\\https://[redacted].22/acme/acme/new-nonce\\\,\\\"newAccount\\\":\\\https://[redacted].22/acme/acme/new-account\\\,\\\"newOrder\\\":\\\https://[redacted].22/acme/acme/new-order\\\,\\\"revokeCert\\\":\\\https://[redacted].22/acme/acme/revoke-cert\\\,\\\"keyChange\\\":\\\https://[redacted].22/acme/acme/key-change\\\}\";
>  size=282 status=200 user-agent=\"acme.sh/3.1.2 
> (https://github.com/acmesh-official/acme.sh)\" user-id=",
>         "PRIORITY" : "6",
>         "_TRANSPORT" : "stdout"
> }
> {
>         "_PID" : "2226",
>         "_SYSTEMD_UNIT" : "step-ca.service",
>         "_COMM" : "step-ca",
>         "_GID" : "996",
>         "_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file 
> /[redacted step path]/secrets/password",
>         "MESSAGE" : "time=\"2025-09-17T12:49:04+02:00\" level=info 
> duration=3.178139ms duration-ns=3178139 
> fields.time=\"2025-09-17T12:49:04+02:00\" method=HEAD name=ca 
> nonce=UzROdnlhVXc2SHVnbkZOV1YxTVFlamxzV3U3ZVhFa0I path=/acme/acme/new-nonce 
> protocol=HTTP/2.0 referer= remote-address=[redacted].23 
> request-id=0063c780-2e22-4b3c-b0e3-e0a9e211619b size=0 status=200 
> user-agent=\"acme.sh/3.1.2 (https://github.com/acmesh-official/acme.sh)\" 
> user-id=",
>         "__CURSOR" : 
> "s=5819b12a49b64582a726181e92d271cb;i=10fc;b=013473d30295440782ff29490d3dc9fe;m=2d2ac998662;t=63efcfc330336;x=dab3e11aced4bad7",
>         "_UID" : "999",
>         "SYSLOG_FACILITY" : "3",
>         "_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
>         "SYSLOG_IDENTIFIER" : "step-ca",
>         "_CAP_EFFECTIVE" : "400",
>         "_SYSTEMD_SLICE" : "system.slice",
>         "_HOSTNAME" : "certificates",
>         "_EXE" : "/usr/bin/step-ca",
>         "_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
>         "_RUNTIME_SCOPE" : "system",
>         "__REALTIME_TIMESTAMP" : "1758106144146230",
>         "__MONOTONIC_TIMESTAMP" : "3103862130274",
>         "_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
>         "PRIORITY" : "6",
>         "_SELINUX_CONTEXT" : "unconfined\n",
>         "_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
>         "_TRANSPORT" : "stdout",
>         "_SYSTEMD_CGROUP" : "/system.slice/step-ca.service"
> }
> {
>         "PRIORITY" : "6",
>         "_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
>         "_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
>         "SYSLOG_IDENTIFIER" : "step-ca",
>         "_EXE" : "/usr/bin/step-ca",
>         "_SYSTEMD_CGROUP" : "/system.slice/step-ca.service",
>         "__REALTIME_TIMESTAMP" : "1758106144332324",
>         "_SYSTEMD_SLICE" : "system.slice",
>         "__MONOTONIC_TIMESTAMP" : "3103862316368",
>         "_GID" : "996",
>         "_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
>         "_HOSTNAME" : "certificates",
>         "_COMM" : "step-ca",
>         "MESSAGE" : "time=\"2025-09-17T12:49:04+02:00\" level=info 
> duration=10.229178ms duration-ns=10229178 
> fields.time=\"2025-09-17T12:49:04+02:00\" method=POST name=ca 
> nonce=SWEwNVFNczcySlBlZUhwcFNpald0TmJrUEdEekh3V3g path=/acme/acme/new-account 
> protocol=HTTP/2.0 referer= remote-address=[redacted].23 
> request-id=3be4d4bb-5479-4904-8b73-b53f0fbbb150 
> response=\"{\\\"contact\\\":[\\\mailto:t...@test.com\\\],\\\"status\\\":\\\"valid\\\",\\\"orders\\\":\\\https://[redacted].22/acme/acme/account/6J2ZJJSxnYO27u6bpFUtBrJ1CCtHkfcA/orders\\\}\";
>  size=144 status=201 user-agent=\"acme.sh/3.1.2 
> (https://github.com/acmesh-official/acme.sh)\" user-id=",
>         "_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
>         "_SELINUX_CONTEXT" : "unconfined\n",
>         "_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file 
> /[redacted step path]/secrets/password",
>         "_RUNTIME_SCOPE" : "system",
>         "_CAP_EFFECTIVE" : "400",
>         "_TRANSPORT" : "stdout",
>         "_SYSTEMD_UNIT" : "step-ca.service",
>         "_UID" : "999",
>         "SYSLOG_FACILITY" : "3",
>         "_PID" : "2226",
>         "__CURSOR" : 
> "s=5819b12a49b64582a726181e92d271cb;i=10fd;b=013473d30295440782ff29490d3dc9fe;m=2d2ac9c5d50;t=63efcfc35da24;x=8d727976330d3e21"
> }
> {
>         "_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
>         "_COMM" : "step-ca",
>         "_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
>         "_HOSTNAME" : "certificates",
>         "_TRANSPORT" : "stdout",
>         "_GID" : "996",
>         "_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file 
> /[redacted step path]/secrets/password",
>         "_UID" : "999",
>         "SYSLOG_FACILITY" : "3",
>         "_SYSTEMD_UNIT" : "step-ca.service",
>         "_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
>         "_PID" : "2226",
>         "PRIORITY" : "6",
>         "_SYSTEMD_CGROUP" : "/system.slice/step-ca.service",
>         "_CAP_EFFECTIVE" : "400",
>         "__MONOTONIC_TIMESTAMP" : "3103862794284",
>         "_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
>         "__REALTIME_TIMESTAMP" : "1758106144810241",
>         "_SYSTEMD_SLICE" : "system.slice",
>         "SYSLOG_IDENTIFIER" : "step-ca",
>         "_EXE" : "/usr/bin/step-ca",
>         "_SELINUX_CONTEXT" : "unconfined\n",
>         "__CURSOR" : 
> "s=5819b12a49b64582a726181e92d271cb;i=10fe;b=013473d30295440782ff29490d3dc9fe;m=2d2aca3a82c;t=63efcfc3d2501;x=d6ac118a2c53c6a4",
>         "_RUNTIME_SCOPE" : "system",
>         "MESSAGE" : "time=\"2025-09-17T12:49:04+02:00\" level=info 
> duration=17.863338ms duration-ns=17863338 
> fields.time=\"2025-09-17T12:49:04+02:00\" method=POST name=ca 
> nonce=RmJ1Z0RkY0JXQk9LaEdLcU9PdDZId2NXUW5xcUdqekQ path=/acme/acme/new-order 
> protocol=HTTP/2.0 referer= remote-address=[redacted].23 
> request-id=3f8bd00e-6c59-4de8-b5b4-2c51cf2f6bd8 
> response=\"{\\\"id\\\":\\\"OnEbnpn9KtE5yH27Oflg3BZwTBns4x7t\\\",\\\"status\\\":\\\"pending\\\",\\\"expires\\\":\\\"2025-09-18T10:49:04Z\\\",\\\"identifiers\\\":[{\\\"type\\\":\\\"dns\\\",\\\"value\\\":\\\"testhost.myown.home\\\"}],\\\"notBefore\\\":\\\"2025-09-17T10:48:04Z\\\",\\\"notAfter\\\":\\\"2025-09-18T10:49:04Z\\\",\\\"authorizations\\\":[\\\https://[redacted].22/acme/acme/authz/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7\\\],\\\"finalize\\\":\\\https://[redacted].22/acme/acme/order/OnEbnpn9KtE5yH27Oflg3BZwTBns4x7t/finalize\\\}\";
>  size=414 status=201 user-agent=\"acme.sh/3.1.2 
> (https://github.com/acmesh-official/acme.sh)\" user-id="
> }
> {
>         "_EXE" : "/usr/bin/step-ca",
>         "_SELINUX_CONTEXT" : "unconfined\n",
>         "_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
>         "_CAP_EFFECTIVE" : "400",
>         "_PID" : "2226",
>         "SYSLOG_IDENTIFIER" : "step-ca",
>         "_GID" : "996",
>         "SYSLOG_FACILITY" : "3",
>         "_RUNTIME_SCOPE" : "system",
>         "__CURSOR" : 
> "s=5819b12a49b64582a726181e92d271cb;i=10ff;b=013473d30295440782ff29490d3dc9fe;m=2d2aca7f1fb;t=63efcfc416ed0;x=8c246ed311a302e",
>         "_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
>         "_COMM" : "step-ca",
>         "MESSAGE" : "time=\"2025-09-17T12:49:05+02:00\" level=info 
> duration=5.975201ms duration-ns=5975201 
> fields.time=\"2025-09-17T12:49:05+02:00\" method=POST name=ca 
> nonce=R3JoSUljRVU0cU5HcGhQeDdwRWJvV2o0RG9EQnBWdlg 
> path=/acme/acme/authz/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7 protocol=HTTP/2.0 
> referer= remote-address=[redacted].23 
> request-id=21a5b8f1-2e06-4270-9c78-36756eed0454 
> response=\"{\\\"identifier\\\":{\\\"type\\\":\\\"dns\\\",\\\"value\\\":\\\"testhost.myown.home\\\"},\\\"status\\\":\\\"pending\\\",\\\"challenges\\\":[{\\\"type\\\":\\\"dns-01\\\",\\\"status\\\":\\\"pending\\\",\\\"token\\\":\\\"MjJKsBOb7QhF8NLH9OUNgVzfNNXky6rh\\\",\\\"url\\\":\\\https://[redacted].22/acme/acme/challenge/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7/n5wxEJwQaiIUZVtShgqh9Tzu0ypHe92V\\\},{\\\"type\\\":\\\"http-01\\\",\\\"status\\\":\\\"pending\\\",\\\"token\\\":\\\"MjJKsBOb7QhF8NLH9OUNgVzfNNXky6rh\\\",\\\"url\\\":\\\https://[redacted].22/acme/acme/challenge/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7/zoCrJwaGduKM01OzNFwmk0pUate4MWpp\\\}],\\\"wildcard\\\":false,\\\"expires\\\":\\\"2025-09-18T10:49:04Z\\\"}\";
>  size=542 status=200 user-agent=\"acme.sh/3.1.2 
> (https://github.com/acmesh-official/acme.sh)\" user-id=",
>         "__MONOTONIC_TIMESTAMP" : "3103863075323",
>         "_SYSTEMD_SLICE" : "system.slice",
>         "_HOSTNAME" : "certificates",
>         "_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
>         "PRIORITY" : "6",
>         "_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
>         "_SYSTEMD_CGROUP" : "/system.slice/step-ca.service",
>         "__REALTIME_TIMESTAMP" : "1758106145091280",
>         "_TRANSPORT" : "stdout",
>         "_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file 
> /[redacted step path]/secrets/password",
>         "_SYSTEMD_UNIT" : "step-ca.service",
>         "_UID" : "999"
> }
>   While the acme.sh script slept for 300 seconds, I ran on the DNS server 
> dig @192.168.2.21 TXT _acme-challenge.testhost.myown.home., verifying that the 
> TXT record was added correctly.
> ; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> @[redacted].21 TXT 
> _acme-challenge.testhost.myown.home.
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37924
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>  ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: db03a0646b58f1cf0100000068ca92262d763b3f9b6e48a7 (good)
> ;; QUESTION SECTION:
> ;_acme-challenge.testhost.myown.home. IN TXT
>  ;; ANSWER SECTION:
> _acme-challenge.testhost.myown.home. 600 IN TXT 
> "JtLRfxGl3S0WZoYaVYJ3BWZCIk011AhHsu-WircaITk"
>  ;; Query time: 0 msec
> ;; SERVER: [redacted].21#53([redacted].21) (UDP)
> ;; WHEN: Wed Sep 17 12:49:10 CEST 2025
> ;; MSG SIZE  rcvd: 155
>   From 12:54 PM, when acme.sh tried to verify the FQDN 
> testhost.myown.home, I got the following output in the journalctl of the PKI 
> for each of the 30 attempts:
> {
>         "_CAP_EFFECTIVE" : "400",
>         "__MONOTONIC_TIMESTAMP" : "3104165836085",
>         "_SYSTEMD_UNIT" : "step-ca.service",
>         "_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
>         "PRIORITY" : "6",
>         "_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
>         "_SYSTEMD_CGROUP" : "/system.slice/step-ca.service",
>         "_PID" : "2226",
>         "__REALTIME_TIMESTAMP" : "1758106447852041",
>         "SYSLOG_FACILITY" : "3",
>         "_RUNTIME_SCOPE" : "system",
>         "_HOSTNAME" : "certificates",
>         "_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file 
> /[redacted step path]/secrets/password",
>         "_TRANSPORT" : "stdout",
>         "_COMM" : "step-ca",
>         "MESSAGE" : "time=\"2025-09-17T12:54:07+02:00\" level=info 
> duration=20.569994ms duration-ns=20569994 
> fields.time=\"2025-09-17T12:54:07+02:00\" method=POST name=ca 
> nonce=M3dsVFlIV2dOR2ZNc0w4RlBkNjV4S3RxTGROMVdQZnE 
> path=/acme/acme/challenge/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7/n5wxEJwQaiIUZVtShgqh9Tzu0ypHe92V
>  protocol=HTTP/2.0 referer= remote-address=[redacted].23 
> request-id=cab15bca-630d-471e-953a-2e83afb36dfd 
> response=\"{\\\"type\\\":\\\"dns-01\\\",\\\"status\\\":\\\"pending\\\",\\\"token\\\":\\\"MjJKsBOb7QhF8NLH9OUNgVzfNNXky6rh\\\",\\\"url\\\":\\\https://[redacted].22/acme/acme/challenge/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7/n5wxEJwQaiIUZVtShgqh9Tzu0ypHe92V\\\,\\\"error\\\":{\\\"type\\\":\\\"urn:ietf:params:acme:error:dns\\\",\\\"detail\\\":\\\"There
>  was a problem with a DNS query during identifier validation\\\"}}\" size=322 
> status=200 user-agent=\"acme.sh/3.1.2 
> (https://github.com/acmesh-official/acme.sh)\" user-id=",
>         "_EXE" : "/usr/bin/step-ca",
>         "SYSLOG_IDENTIFIER" : "step-ca",
>         "_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
>         "_UID" : "999",
>         "_GID" : "996",
>         "_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
>         "_SELINUX_CONTEXT" : "unconfined\n",
>         "__CURSOR" : 
> "s=5819b12a49b64582a726181e92d271cb;i=1100;b=013473d30295440782ff29490d3dc9fe;m=2d2beb3b535;t=63efd0e4d3209;x=4b57da03825cd994",
>         "_SYSTEMD_SLICE" : "system.slice"
> }
> {
>         "__CURSOR" : 
> "s=5819b12a49b64582a726181e92d271cb;i=1101;b=013473d30295440782ff29490d3dc9fe;m=2d2bee58f91;t=63efd0e7f0c65;x=a9161de4e298eae5",
>         "_RUNTIME_SCOPE" : "system",
>         "_SYSTEMD_CGROUP" : "/system.slice/step-ca.service",
>         "SYSLOG_IDENTIFIER" : "step-ca",
>         "_COMM" : "step-ca",
>         "_SYSTEMD_SLICE" : "system.slice",
>         "_PID" : "2226",
>         "PRIORITY" : "6",
>         "_CMDLINE" : "/usr/bin/step-ca config/ca.json --password-file 
> /[redacted step path]/secrets/password",
>         "_CAP_EFFECTIVE" : "400",
>         "__MONOTONIC_TIMESTAMP" : "3104169103249",
>         "_GID" : "996",
>         "SYSLOG_FACILITY" : "3",
>         "__REALTIME_TIMESTAMP" : "1758106451119205",
>         "_MACHINE_ID" : "e3c0f10a80284f7fb1f3cd5ef5476c92",
>         "_EXE" : "/usr/bin/step-ca",
>         "_UID" : "999",
>         "_SYSTEMD_UNIT" : "step-ca.service",
>         "_HOSTNAME" : "certificates",
>         "_SELINUX_CONTEXT" : "unconfined\n",
>         "_BOOT_ID" : "013473d30295440782ff29490d3dc9fe",
>         "_TRANSPORT" : "stdout",
>         "_SYSTEMD_INVOCATION_ID" : "85c5974ec43b4e56b4b1c77cef15930e",
>         "_STREAM_ID" : "56b55ea55fd84f62a58435206f03676e",
>         "MESSAGE" : "time=\"2025-09-17T12:54:11+02:00\" level=info 
> duration=5.976054ms duration-ns=5976054 
> fields.time=\"2025-09-17T12:54:11+02:00\" method=POST name=ca 
> nonce=aU9venZXaHJBOGNKRlBYcUU1WkM5U0NiUmVtczlwckk 
> path=/acme/acme/authz/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7 protocol=HTTP/2.0 
> referer= remote-address=[redacted].23 
> request-id=97b6d3c0-7f70-4aec-a83a-8949c26617c6 
> response=\"{\\\"identifier\\\":{\\\"type\\\":\\\"dns\\\",\\\"value\\\":\\\"testhost.myown.home\\\"},\\\"status\\\":\\\"pending\\\",\\\"challenges\\\":[{\\\"type\\\":\\\"dns-01\\\",\\\"status\\\":\\\"pending\\\",\\\"token\\\":\\\"MjJKsBOb7QhF8NLH9OUNgVzfNNXky6rh\\\",\\\"url\\\":\\\https://[redacted].22/acme/acme/challenge/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7/n5wxEJwQaiIUZVtShgqh9Tzu0ypHe92V\\\,\\\"error\\\":{\\\"type\\\":\\\"urn:ietf:params:acme:error:dns\\\",\\\"detail\\\":\\\"There
>  was a problem with a DNS query during identifier 
> validation\\\"}},{\\\"type\\\":\\\"http-01\\\",\\\"status\\\":\\\"pending\\\",\\\"token\\\":\\\"MjJKsBOb7QhF8NLH9OUNgVzfNNXky6rh\\\",\\\"url\\\":\\\https://[redacted].22/acme/acme/challenge/KYqNFxZVSmSG33yfHbjs5pCqAIxeENm7/zoCrJwaGduKM01OzNFwmk0pUate4MWpp\\\}],\\\"wildcard\\\":false,\\\"expires\\\":\\\"2025-09-18T10:49:04Z\\\"}\";
>  size=669 status=200 user-agent=\"acme.sh/3.1.2 
> (https://github.com/acmesh-official/acme.sh)\" user-id="
> }
> …This last message is repeated 29 times, for attempts 2 to 30, as shown in 
> the acme.sh output…
>  Kind regards,
> Vinvar
>  -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
> this list.


-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org
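Mark's point is that `.home` is not a delegated top-level domain, so a CA that validates the identifier through the public DNS has nothing to find, whatever the private BIND zone says. The script below is an added example, not code from the post, from acme.sh, step-ca or BIND: a preflight check an operator can run before submitting a dns-01 order. It flags identifiers that fall under names the public DNS will never resolve (the suffix list is my assumption, drawn from RFC 6761/6762/7686/8375 and ICANN's non-delegated name-collision strings), derives the TXT value the CA expects per RFC 8555 §8.4 (base64url of SHA-256 over `token "." thumbprint`), shows how the account key thumbprint itself is formed (RFC 7638), and compares the expected value with the TXT strings the authoritative server actually returned. The sample token, thumbprint and TXT value are the ones visible in the post; the function names and the `preflight` report layout are mine.

```python
"""Preflight for an ACME dns-01 order (added example; not from the post or any project)."""
import base64
import hashlib
import json

# Suffixes a public resolver will never answer for (assumed list):
# RFC 6761 (localhost, test, example, invalid), RFC 6762 (local),
# RFC 7686 (onion), RFC 8375 (home.arpa) and ICANN's never-delegated
# name-collision strings (home, corp, mail) plus the 2024 .internal reservation.
NON_PUBLIC_SUFFIXES = frozenset({
    "home", "corp", "mail", "internal",
    "local", "localhost", "test", "example", "invalid",
    "onion", "home.arpa",
})


def b64url(data: bytes) -> str:
    """base64url without padding, as ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def non_public_suffix(fqdn: str):
    """Return the reserved suffix the name falls under, or None for a real TLD."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in NON_PUBLIC_SUFFIXES:
            return suffix
    return None


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the canonical JSON of the key's required members only."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"), "OKP": ("crv", "kty", "x")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, thumbprint: str) -> str:
    """RFC 8555 §8.1: the key authorization string is token '.' thumbprint."""
    return f"{token}.{thumbprint}"


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 §8.4: the TXT record holds base64url(SHA-256(key authorization))."""
    digest = hashlib.sha256(key_authorization(token, thumbprint).encode("ascii")).digest()
    return b64url(digest)


def challenge_name(fqdn: str) -> str:
    """Owner name the CA queries for a dns-01 challenge."""
    return "_acme-challenge." + fqdn.rstrip(".") + "."


def preflight(fqdn: str, token: str, thumbprint: str, observed_txt: list) -> dict:
    """Report why a CA's dns-01 validation of `fqdn` would or would not succeed."""
    expected = dns01_txt_value(token, thumbprint)
    suffix = non_public_suffix(fqdn)
    return {
        "identifier": fqdn,
        "challenge_name": challenge_name(fqdn),
        "reserved_suffix": suffix,          # None when the name is under a delegated TLD
        "expected_txt": expected,
        "txt_published": expected in observed_txt,
        "ok": suffix is None and expected in observed_txt,
    }


# Values taken from the post: the challenge token in step-ca's authz response,
# acme.sh's ACCOUNT_THUMBPRINT, and the TXT string dig returned from ns1.
SAMPLE = {
    "fqdn": "testhost.myown.home",
    "token": "MjJKsBOb7QhF8NLH9OUNgVzfNNXky6rh",
    "thumbprint": "7juVi3uRQTaf2qUTEvOB9faQfCjoNUHUNj-VFxyC284",
    "observed_txt": ["JtLRfxGl3S0WZoYaVYJ3BWZCIk011AhHsu-WircaITk"],
}

if __name__ == "__main__":
    for key, value in preflight(**SAMPLE).items():
        print(f"{key:16} {value}")
```

Run it and the report shows `reserved_suffix home` and `ok False` for the post's identifier regardless of whether the TXT value matches: the published record can be perfect and the order still cannot validate through a resolver that only knows the public root. To check a live zone, paste the strings from dig's ANSWER section into `observed_txt`.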

