Issue Creating / Renewing DuckDNS certificate: The DNS response does not contain an answer to the question: IN TXT

Hey folks,

I recently ran into this issue when trying to create / renew my SSL certificate with Nginx Proxy Manager and wanted to share what I did to finally get it renewed to help save others hours of the same issue.

The Problem
No matter how many times I tried, I would continually get this response when trying to renew or create a certificate using a DNS challenge with DuckDNS using Nginx Proxy Manager: The DNS response does not contain an answer to the question: IN TXT

Context
My home network stack is composed of:

  • A fairly standard AdGuard instance running on a Raspberry Pi
  • A Home Assistant instance running AdGuard and Nginx Proxy Manager
  • DuckDNS routes

My AdGuard instances were redirecting DNS queries for my Home Assistant domain, call it my-home-assistant.duckdns.org, to the IP of my Nginx Proxy Manager instance, which was running on my Home Assistant.

The Solution
I’m not sure what tipped me off, but it dawned on me that the AdGuard instances may have been interfering with the certificate renewal process, even though I was making a DNS challenge using DuckDNS, and lo and behold, I was correct.

I removed the AdGuard DNS instances from my router’s DNS table, navigated to my Home Assistant’s IP, went to the Nginx Proxy Manager instance and performed the certificate renewal again, and it worked!

I’m not sure what in AdGuard is causing DuckDNS to return this kind of response but the solution is to remove AdGuard from your DNS on the router and then perform your certificate renewal.

Hope this helps others!
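A quick way to see whether the resolver in the path answers the TXT question at all, which is what the error above is complaining about. This is an added diagnostic example, not code from this thread, from Nginx Proxy Manager or from certbot; it assumes you pass the challenge name and the resolver IPs (for instance the AdGuard address and a public resolver) on the command line, and the DNS messages it handles are built by hand from the wire format rather than with a DNS library.

```python
import socket, struct, sys

def build_txt_query(name: str, qid: int = 0x1234) -> bytes:
    """Wire-format query for `name IN TXT` (type 16) with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 16, 1)

def _skip_name(msg: bytes, off: int) -> int:
    """Offset just past a domain name, handling 2-byte compression pointers."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length

def txt_answers(msg: bytes) -> list[str]:
    """TXT strings in the answer section; [] is the 'no answer to the question' case."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:  # non-zero RCODE (e.g. NXDOMAIN): no usable answer either
        return []
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    found = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype != 16:
            continue
        i = 0  # TXT rdata is a sequence of <len><chars> character-strings
        while i < rdlen:
            n = rdata[i]
            found.append(rdata[i + 1:i + 1 + n].decode(errors="replace"))
            i += 1 + n
    return found

def query_txt(name: str, resolver: str, timeout: float = 3.0) -> list[str]:
    """Send the query to `resolver` over UDP/53 and return the TXT answers it gives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_txt_query(name), (resolver, 53))
        reply, _ = s.recvfrom(4096)
    return txt_answers(reply)

if __name__ == "__main__":  # e.g.: python check_txt.py _acme-challenge.myha.duckdns.org <adguard-ip> 1.1.1.1
    for r in sys.argv[2:]:
        print(r, query_txt(sys.argv[1], r) or "NO TXT ANSWER")
```

Run it once against the AdGuard address and once against a public resolver while a renewal is in progress: if only the public resolver returns the challenge text, the local rewrite rule for the DuckDNS name is answering the query itself instead of forwarding it.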

You can force certbot not to use TXT, just add the following in the “Credentials File Content” text box when configuring DuckDNS, during the new proxy host setup:

dns_duckdns_token = <your token here>
dns_duckdns_no_txt_restore = True

Fixing the cert renewal for an existing host requires access to the conf files, no GUI option I’m afraid.
Edit the npm-??.conf file located in .../letsencrypt/renewal/ and add the dns_duckdns_no_txt_restore = True line there.

Thanks for sharing @fBSDmon ! :smile:

I also have a similar error on my HA while trying to create the letsencrypt certificate, but my configuration is different:

  • HA (Hassio OS) running as a proxmox-VM
  • AdGuard is running as a proxmox-lxc-Container on the same proxmox host
  • my AdGuard rewrites my HA-URL (let’s name it myha.duckdns.org) to the LAN-IP of my HA-VM (192.168.x.y)
  • no nginx- or nginx-proxy-manager-addon activated in my HA
  • no portforwarding to the HA-VM in my router
  • on duckdns.org.WebUI I pointed the URL myha.duckdns.org to the LAN-IP of my HA-VM (192.168.x.y)

With this configuration I tried to create a letsencrypt certificate by using the DNS challenge method, but I always get the error
“Requesting a certificate for myha.duckdns.org
The DNS response does not contain an answer to the question: myha.duckdns.org. IN TXT”
in the letsencrypt add-on log.

I also tried adding the line “dns_duckdns_no_txt_restore: True” to the letsencrypt add-on config in the DNS field.

What else can I try?