Let's Encrypt Add-On fails with PENDING TXT records at Google DNS

Configuration
1

I’m trying to get the Let’s Encrypt Add-on to work but this is failing. Looking at the Googe DNS API logging I’m finding PENDING entries which are created for Let’s Encrypt to validate the owner. I assume that due to the fact these created records are PENDING, Let’s encrypt is not able to proceed. Any suggestions why they are PENDING? Is there a way to get more details from the Let’s Encrypt add-on to debug this issue?

Below Let’s Encrypt Logging output

Waiting for verification...
Challenge failed for domain famderidder.com
dns-01 challenge for famderidder.com
Cleaning up challenges
Attempting refresh to obtain initial access_token
Refreshing access_token
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: famderidder.com
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.famderidder.com - check that a DNS record exists
   for this domain

Below Google Loggin

Request
   Change > additions
      Change > additions 1
         Name _acme-challenge.famderidder.com.
         Rrdata donOmpr_pY7Xz-rSvImY8WVew98-hl1IqLEbHxswPe0
         Ttl 60
         Type TXT
         Project dns-hosting-330318
     Response > change
        Additions
           Additions 1
              Name _acme-challenge.famderidder.com.
              Rrdata "donOmpr_pY7Xz-rSvImY8WVew98-hl1IqLEbHxswPe0"
              Ttl 60
             Type TXT
             Id 24
            Start time 2021-10-29T16:02:11.541Z
     **Status PENDING**
2

hi, did you resolve this? i’m trying to setup lets encrypt too
i created a zone in google cloud dns, when i start the addon, i see a txt record being created with a token
on my google domains, i also created there that specific _acme-challenge txt record, but i still get that TXT not found record

did you fix? screenshots are welcome :slight_smile:

3

No still an issue and no response sofar. The only way I can get it working is manual changing the record. (Which works perfect with the same user account???)

image
image1316×737 66.4 KB

4

hey, i got it working, but the certificate was created for the zone i created on google cloud dns like, for example, i created a zone like acme.abc.com

so the SSL was for acme.abc.com, in google domain i created a cname for that acme …

then below, i created a DDNS record, so i can dynamicly update… created there an wildcard for *.abc.com

but the problem is that acme.abc.com was already a cname, so they only record i was not able to ping was acme.abc.com … like pinging 123.abc.com works … but the ssl is useless , it was created for acme.abc.com, while i need it to be created for *abc.com

tried creating the zone abc.com with cname records on the google domain, didnt work for me :frowning:

5

Hi, I don’t see the solution in your answer. Did you also had PENDING dns changes waiting for something?
I’m trying to create a wild card certificate for my domain which works when I enter the challenge manually in Google DNS. But this should work automatically and for some reason it’s waiting (PENDING) on something undefined?

6

It never worked for me, stopped using it