Hi, I get an error trying to renew a Let's Encrypt certificate with lego.
Oct 02 09:29:31 acme lego[1798063]: [*.sub.example.com] [*.sub.example.com] acme: error presenting token: desec: could not find zone for domain "sub.example.com" and fqdn "_acme-challenge.sub.example.com." : could not find the start of authority for _acme-challenge.sub.example.com.: NOERROR
Oct 02 09:29:31 acme lego[1798063]: [sub.example.com] [sub.example.com] acme: error presenting token: desec: could not find zone for domain "sub.example.com" and fqdn "_acme-challenge.sub.example.com." : could not find the start of authority for _acme-challenge.sub.example.com.: NOERROR
The error message seems to come from the deSEC API. Does anyone have a clue what's going on? I generated the cert some months ago using the same setup without errors.
The error message indicates that the account that lego is using to publish the acme challenge does not contain a domain suitable to publish the challenge in the DNS. (For example, your challenge should be at sub.example.com but the account only contains the domains example.net and example.org.)
Has the domain been deleted or moved to a different account?
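Added example, not part of the thread and not lego's or deSEC's code: a sketch of the check the reply above describes, namely whether any zone in the account is a whole-label parent of the challenge name, and which record name the TXT entry would get inside that zone. The account zone lists and the helper names (`ChallengeFQDN`, `FindZone`) are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// normalize lowercases a name, drops the trailing dot and a leading "*." label.
func normalize(name string) string {
	name = strings.ToLower(strings.TrimSuffix(strings.TrimSpace(name), "."))
	return strings.TrimPrefix(name, "*.")
}

// ChallengeFQDN returns the DNS-01 record name for a certificate name.
// A wildcard name and its base name share the same challenge record.
func ChallengeFQDN(certName string) string {
	return "_acme-challenge." + normalize(certName) + "."
}

// FindZone picks the longest account zone that equals fqdn or is a parent of
// it on a label boundary, and returns the record name relative to that zone.
func FindZone(fqdn string, zones []string) (zone, subname string, ok bool) {
	name := normalize(fqdn)
	for _, z := range zones {
		z = normalize(z)
		if z == "" || (name != z && !strings.HasSuffix(name, "."+z)) {
			continue // not a parent zone ("ample.com" must not match "example.com")
		}
		if len(z) > len(zone) {
			zone, ok = z, true
			subname = strings.TrimSuffix(strings.TrimSuffix(name, z), ".")
		}
	}
	return zone, subname, ok
}

func main() {
	fqdn := ChallengeFQDN("*.sub.example.com")
	// Constructed account contents; the first follows the example in the reply.
	for _, zones := range [][]string{
		{"example.net", "example.org"},
		{"example.com"},
		{"example.com", "sub.example.com"},
	} {
		zone, sub, ok := FindZone(fqdn, zones)
		fmt.Printf("%v -> ok=%v zone=%q subname=%q\n", zones, ok, zone, sub)
	}
}
```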
Thanks, nils. The domain hasn’t been deleted or moved. I might have deleted some records for sub.example.com in the past because I use it only for internal purposes but I’m not sure.
I already tried adding _acme-challenge.sub & _acme-challenge as TXT and an A record for sub and instructed lego to use one of deSEC's NS servers directly (DNS_RESOLVERS='45.54.76.1:53') to avoid any caching. I’ve also tried a new token. Same results.