Description
I'm trying to create both a wildcard and a host certificate through NPM, and I can't get it to work. I couldn't find any instructions on how to set it up properly, so I searched on GitHub and Reddit, but if someone has had the same issue, I wasn't able to find anything similar.
Checklist
- Have you pulled and found the error with the `jc21/nginx-proxy-manager:latest` docker image? - Yes
- Are you sure you're not using someone else's docker image? - Yes
- Have you searched for similar issues (both open and closed)? - Yes
Describe the bug
About a month ago, I migrated my email from Gmail to my own server hosted on a VPS with mail-in-a-box (MiaB), which has its own DNS server. It is working just fine, not just for email: all the services hosted on my home server were working as well, just by creating the DNS entries on my MiaB.
Then the Let's Encrypt certificates expired. I was running a normal nginx server and had a cron job to renew my old LE wildcard certificate when my DNS was on OVH, but now I wanted to migrate from nginx to NPM and use its LE integration.
So after reading up on the possibilities, I found ACME-DNS was the right tool to create/renew the certificates. I found no documentation anywhere, so this is what I did; perhaps I did it wrong and that's why it isn't working, so please, if anyone can point me in the right direction, that would be awesome (my Home Assistant is now inaccessible, and I can't even control the lights!)
First, following the ACME-DNS instructions, I asked the API for credentials with:

```
curl -s -X POST https://auth.acme-dns.io/register | python -m json.tool
{
    "username": "a73054f6-198b-46b1-bbae-2c11c7d46dfe",
    "password": "XWBz_XYUH5UaZaKAFuMlcMc2WjkG6W0OuC89PrbU",
    "fulldomain": "075264b8-a3a7-4f7a-b7f7-290e473f696f.auth.acme-dns.io",
    "subdomain": "075264b8-a3a7-4f7a-b7f7-290e473f696f",
    "allowfrom": []
}
```
Then I created the CNAME entry `075264b8-a3a7-4f7a-b7f7-290e473f696f.auth.acme-dns.io` as `_acme-challenge.mydomain.net`. With `dig` I could see that it was created properly.
Then, in NPM's GUI, I created a reverse proxy, and on the SSL tab I tried to create a certificate like this, setting `dns_acmedns_api_url` to `https://auth.acme-dns.io/`, which is the URL I used in the aforementioned step, and I created the credentials JSON file as I saw in #946:

```
{
    "home.mydomain.net": {
        "username": "a73054f6-198b-46b1-bbae-2c11c7d46dfe",
        "password": "XWBz_XYUH5UaZaKAFuMlcMc2WjkG6W0OuC89PrbU",
        "fulldomain": "075264b8-a3a7-4f7a-b7f7-290e473f696f.auth.acme-dns.io",
        "subdomain": "075264b8-a3a7-4f7a-b7f7-290e473f696f",
        "allowfrom": []
    }
}
```
I clicked "Save" in the GUI and after a while this error appeared:

```
Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-15" --agree-tos --email "[email protected]" --domains "home.mydomain.net" --authenticator dns-acmedns --dns-acmedns-credentials "/etc/letsencrypt/credentials/credentials-15"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.
    at ChildProcess.exithandler (node:child_process:402:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1100:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)
```
NOTE: I don't know why it is trying to use `/etc/letsencrypt/credentials/credentials-15`, which doesn't exist. Shouldn't it be `/data/acme-registration.json`?
In `/tmp/letsencrypt-log/letsencrypt.log` this appeared:
2023-08-04 10:48:01,759:DEBUG:acme.client:Storing nonce: 891F2Uup6dw2QpapML0FO55YdfNIFDDTPC8so0mz9DVLy9Y
2023-08-04 10:48:01,759:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "home.mydomain.net"\n }\n ]\n}'
2023-08-04 10:48:01,763:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MDQ4MzM5NiIsICJub25jZSI6ICI4OTFGMlV1cDZkdzJRcGFwTUwwRk81NVlkZk5JRkREVFBDOHNvMG16OURWTHk5WSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
"signature": "kmcn1c2albGc_9aGFgRI33w93bmeINqNMbWiNwXjGH_g8jqYCBQJAi7q0Jj3u-Qu5hlo2_gn_EfscNxuQ0zmnjhd21gTqw8liPl66dGeYR5n6DmNvCfN4UTNdy_Y2YU80sZfoVncgA4zwWg0Sf-V5EOXxgR69-e7e2Ext2NBbQw2l5sW2P53xm1Z9V8N0HPOeXxNctX-QcoHqOx7_NeQf377SzRIlfyV68SQkQv3huXdnjl29XlqTdMvwIB9q5vxwivlIXHrB4SsfJKwZ4IdYnssZiHgVWsLf3yioJd9EUuC6xHgA7iKWcGE0FWfL0Pe-2M5lWmDpkeGSaN_8dVvTA",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImhvbWUuZG9jYW1wby5uZXQiCiAgICB9CiAgXQp9"
}
2023-08-04 10:48:02,133:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 342
2023-08-04 10:48:02,134:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 04 Aug 2023 10:48:02 GMT
Content-Type: application/json
Content-Length: 342
Connection: keep-alive
Boulder-Requester: 1240483396
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1240483396/199357268766
Replay-Nonce: 371CiPi8rPaLCgYg7xgE1Wq5zqbsw0-LzEbHxwfXgbHSJIk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2023-08-11T10:48:01Z",
"identifiers": [
{
"type": "dns",
"value": "home.mydomain.net"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/251849512096"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1240483396/199357268766"
}
2023-08-04 10:48:02,134:DEBUG:acme.client:Storing nonce: 371CiPi8rPaLCgYg7xgE1Wq5zqbsw0-LzEbHxwfXgbHSJIk
2023-08-04 10:48:02,134:DEBUG:acme.client:JWS payload:
b''
2023-08-04 10:48:02,136:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/251849512096:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MDQ4MzM5NiIsICJub25jZSI6ICIzNzFDaVBpOHJQYUxDZ1lnN3hnRTFXcTV6cWJzdzAtTHpFYkh4d2ZYZ2JIU0pJayIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjUxODQ5NTEyMDk2In0",
"signature": "EZ0fGtr0Ebe9nOHtq9EI_93gwtSVkSl9rmI-CCNrbIZCha3eSyOB6WU7_KJH2gK7djBDxH4n8bvRCy7VmW8YnmAohuW4aOzQXu2QmbUlqavz3jVcLthDtcJ2I7VC246rmSzfuC8DuLdsZE_eU3cjXAJg9_ocH0UJlj8WICxAyiv8vzT9wk_M41DMD_4vyUho1TZpF0yvBCGp_2reWJDp8toyStP5_HoLQWOy1gnCY9Y7kkn7ZAivnk_ox2QP5YljIu_8W6S1qZix25-Up_3dmYwI--c0RdeedtgsBFoIzfS12yWTPodpUS4LwQlBQRe0xZM6b129Scm3eWaLkLWX3A",
"payload": ""
}
2023-08-04 10:48:02,283:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/251849512096 HTTP/1.1" 200 800
2023-08-04 10:48:02,284:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 04 Aug 2023 10:48:02 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 1240483396
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 891FhTOpiz3RFcxKYkV8txjA9Ph4_HuFXAhRp5MZZNqUJ5A
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "home.mydomain.net"
},
"status": "pending",
"expires": "2023-08-11T10:48:01Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251849512096/fFSNMg",
"token": "RrGmCZZE_0-Uec3SOcXTQpIZ37BzCVBCyIYQ5b3ppIE"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251849512096/SgFZVQ",
"token": "RrGmCZZE_0-Uec3SOcXTQpIZ37BzCVBCyIYQ5b3ppIE"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251849512096/i5MIPw",
"token": "RrGmCZZE_0-Uec3SOcXTQpIZ37BzCVBCyIYQ5b3ppIE"
}
]
}
2023-08-04 10:48:02,284:DEBUG:acme.client:Storing nonce: 891FhTOpiz3RFcxKYkV8txjA9Ph4_HuFXAhRp5MZZNqUJ5A
2023-08-04 10:48:02,285:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-08-04 10:48:02,285:INFO:certbot._internal.auth_handler:dns-01 challenge for home.mydomain.net
2023-08-04 10:48:02,293:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): auth.acme-dns.io:443
2023-08-04 10:48:02,550:DEBUG:urllib3.connectionpool:https://auth.acme-dns.io:443 "POST //update HTTP/1.1" 307 0
2023-08-04 10:48:02,948:DEBUG:urllib3.connectionpool:https://auth.acme-dns.io:443 "POST /update HTTP/1.1" 200 None
2023-08-04 10:48:02,952:DEBUG:certbot._internal.display.obj:Notifying user: Waiting 10 seconds for DNS changes to propagate
2023-08-04 10:48:12,963:DEBUG:acme.client:JWS payload:
b'{}'
2023-08-04 10:48:12,966:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/251849512096/SgFZVQ:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MDQ4MzM5NiIsICJub25jZSI6ICI4OTFGaFRPcGl6M1JGY3hLWWtWOHR4akE5UGg0X0h1RlhBaFJwNU1aWk5xVUo1QSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMjUxODQ5NTEyMDk2L1NnRlpWUSJ9",
"signature": "a3Y_VQtXPjJkOJ3axv033aMFbOMz64ml1MUREF9zrEjbiKl9iqGfu6l8se0DnMGcYCir3jPsS0XmDvqZXWqPLtvtxta_y3nHty9K40HzcJux4X7qks5EYA9BDywy7I2X8PzEKubYo48DhXpfaWKUSLwnzxcielpAjrMYfo7VB1w9YwvzUDtEQChog56PFuLhNWF9pfuc8869phvn2ycW_wJ0aAsMDQIoh9FE7JGFACBJQ4aedDejIAxyvUDKB-A0b7UMqNOYAVOrThU4MQU9eaHRl-9zs_b3p1Bzt0ihK0Z110QC34jo88F1-RPuiXu6T2Bb80D48AsCToIKQM4nJw",
"payload": "e30"
}
2023-08-04 10:48:13,117:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/251849512096/SgFZVQ HTTP/1.1" 200 186
2023-08-04 10:48:13,118:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 04 Aug 2023 10:48:13 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 1240483396
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/251849512096>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/251849512096/SgFZVQ
Replay-Nonce: 371CEifknY9MM2mOm24V3HrO8lKQkapPIkf6VnwZhgCILiQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251849512096/SgFZVQ",
"token": "RrGmCZZE_0-Uec3SOcXTQpIZ37BzCVBCyIYQ5b3ppIE"
}
2023-08-04 10:48:13,118:DEBUG:acme.client:Storing nonce: 371CEifknY9MM2mOm24V3HrO8lKQkapPIkf6VnwZhgCILiQ
2023-08-04 10:48:13,119:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-08-04 10:48:14,120:DEBUG:acme.client:JWS payload:
b''
2023-08-04 10:48:14,123:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/251849512096:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTI0MDQ4MzM5NiIsICJub25jZSI6ICIzNzFDRWlma25ZOU1NMm1PbTI0VjNIck84bEtRa2FwUElrZjZWbndaaGdDSUxpUSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjUxODQ5NTEyMDk2In0",
"signature": "GDRAnenotagmjDHXS5m5IBS7ctnqHt0ngUwWkpRuUgsHYMY7yoDTvODMQBx7o2W9xp5-v3AL-H9dWwlJrhDpdrvnW9t4V54qCrwxXlXycYQeNPb6yhPSaoh9tGz47Jm0S6SBbm16ij4qokSfEG9b-YfEVflBIKzLCBEOmVYXF0t7TeRYmG8gX3T2OZQe1LglIqCjsgDqTF_1rmsFkXqlqNoO8F0sRVc1z_H5UhWRbd3AXHInU4Ny-2-a7dgwrCNNJt0ycLuO9n2w_yG96BzFaebUG0lrr_k-sIr7nYtkWDdArnvjLV7XGmQWonzgb2SksFAPNI16xPWQvZHLS6SuRw",
"payload": ""
}
2023-08-04 10:48:14,283:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/251849512096 HTTP/1.1" 200 655
2023-08-04 10:48:14,284:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 04 Aug 2023 10:48:14 GMT
Content-Type: application/json
Content-Length: 655
Connection: keep-alive
Boulder-Requester: 1240483396
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 891F3SofyEAOstafOOnz2Jv24GZA-7AjHAvcMp4--YQzdjE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "home.mydomain.net"
},
"status": "invalid",
"expires": "2023-08-11T10:48:01Z",
"challenges": [
{
"type": "dns-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:dns",
"detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.home.mydomain.net - check that a DNS record exists for this domain",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/251849512096/SgFZVQ",
"token": "RrGmCZZE_0-Uec3SOcXTQpIZ37BzCVBCyIYQ5b3ppIE",
"validated": "2023-08-04T10:48:13Z"
}
]
}
2023-08-04 10:48:14,284:DEBUG:acme.client:Storing nonce: 891F3SofyEAOstafOOnz2Jv24GZA-7AjHAvcMp4--YQzdjE
2023-08-04 10:48:14,285:INFO:certbot._internal.auth_handler:Challenge failed for domain home.mydomain.net
2023-08-04 10:48:14,285:INFO:certbot._internal.auth_handler:dns-01 challenge for home.mydomain.net
2023-08-04 10:48:14,285:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: dns-acmedns). The Certificate Authority reported these problems:
Domain: home.mydomain.net
Type: dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.home.mydomain.net - check that a DNS record exists for this domain
Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-acmedns. Ensure the above domains are hosted by this DNS provider, or try increasing --dns-acmedns-propagation-seconds (currently 10 seconds).
2023-08-04 10:48:14,287:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-08-04 10:48:14,287:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-08-04 10:48:14,287:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-08-04 10:48:14,291:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 8, in <module>
sys.exit(main())
File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1864, in main
return config.func(config, plugins)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1597, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 516, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-08-04 10:48:14,295:ERROR:certbot._internal.log:Some challenges have failed.
Nginx Proxy Manager Version
v2.10.4
NOTE2: I've tried both `*.mydomain.net` and `home.mydomain.net`, modifying `/data/acme-registration.json` accordingly to point to the proper domain.
Operating System
Arch Linux host. Docker for all the services. In this example, Home Assistant is using a host network, so it has the IP of the host, which is reachable from the NPM container. The NPM container has its own static IP, which is in the same docker network as all the other docker services that don't need to have a host network.
Additional context
Docker version 24.0.5
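The log above ends with the CA reporting NXDOMAIN for `_acme-challenge.home.mydomain.net`, and a DNS-01 validation is only ever looked up at `_acme-challenge.` prefixed to the certificate's own name (with the `*.` of a wildcard dropped first, per RFC 8555 section 8.4). A quick way to catch that kind of mismatch before certbot runs is to derive the challenge name for every domain in the dns-acmedns credentials file and confirm a CNAME at exactly that name points to the registration's `fulldomain`. The script below is an added example and is not code from Nginx Proxy Manager, certbot or acme-dns; it assumes the credentials file layout shown in the report (one object per domain carrying the acme-dns registration), uses constructed placeholder values rather than real credentials, and resolves names through an injectable resolver so it runs offline against a constructed zone. `dig_resolver()` is the live variant, which shells out to `dig` as in the report.

```python
"""Pre-flight check for a certbot dns-acmedns setup (added example, not
project code). Derives the _acme-challenge name the CA will query for each
domain in the credentials file and checks that a CNAME at that exact name
points at the registration's "fulldomain". Lookups are injected so the check
runs offline against a constructed zone; dig_resolver() does a real lookup."""
import json
import subprocess
from typing import Callable, Dict, List, Optional

# A resolver maps a name to its CNAME target, or None when nothing resolves.
Resolver = Callable[[str], Optional[str]]

# Fields the acme-dns registration response (and so the credentials file) carries.
REQUIRED_FIELDS = ("username", "password", "fulldomain", "subdomain")


def challenge_name(domain: str) -> str:
    """Name queried for a dns-01 challenge (RFC 8555 section 8.4).

    The "*." of a wildcard is dropped first, so "*.example.net" is validated
    at _acme-challenge.example.net, while "home.example.net" is validated at
    _acme-challenge.home.example.net: a different name that needs its own CNAME.
    """
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.rstrip(".").lower()


def expected_records(credentials: Dict[str, dict]) -> List[str]:
    """Zone-file style CNAME lines the credentials file implies."""
    return [
        f"{challenge_name(d)}. IN CNAME {r['fulldomain'].rstrip('.')}."
        for d, r in credentials.items()
    ]


def check_credentials(credentials: Dict[str, dict], resolve: Resolver) -> List[str]:
    """Return one problem string per domain whose DNS setup the CA would reject."""
    problems: List[str] = []
    for domain, reg in credentials.items():
        missing = [f for f in REQUIRED_FIELDS if f not in reg]
        if missing:
            problems.append(f"{domain}: credentials missing {', '.join(missing)}")
            continue
        name = challenge_name(domain)
        want = reg["fulldomain"].rstrip(".").lower()
        got = resolve(name)
        if got is None:
            problems.append(
                f"{domain}: no CNAME at {name} (the CA will see NXDOMAIN); "
                f"expected a CNAME to {want}"
            )
        elif got.rstrip(".").lower() != want:
            problems.append(f"{domain}: CNAME at {name} points to {got}, expected {want}")
    return problems


def dig_resolver(name: str) -> Optional[str]:
    """Live lookup: `dig +short CNAME` prints the target, or nothing on
    NXDOMAIN / no data, which is all this pre-flight check needs."""
    out = subprocess.run(
        ["dig", "+short", "CNAME", name], capture_output=True, text=True, check=False
    ).stdout.strip()
    return out.splitlines()[0] if out else None


# Constructed sample credentials file: placeholder values, not real registrations.
SAMPLE_CREDENTIALS = json.loads("""
{
  "home.mydomain.net": {
    "username": "PLACEHOLDER-USERNAME",
    "password": "PLACEHOLDER-PASSWORD",
    "fulldomain": "PLACEHOLDER-SUBDOMAIN.auth.acme-dns.io",
    "subdomain": "PLACEHOLDER-SUBDOMAIN",
    "allowfrom": []
  },
  "*.mydomain.net": {
    "username": "PLACEHOLDER-USERNAME",
    "password": "PLACEHOLDER-PASSWORD",
    "fulldomain": "PLACEHOLDER-SUBDOMAIN.auth.acme-dns.io",
    "subdomain": "PLACEHOLDER-SUBDOMAIN",
    "allowfrom": []
  }
}
""")

# Constructed zone mirroring the report: the CNAME exists at the apex
# challenge name only, so a dns-01 for home.mydomain.net finds nothing.
SAMPLE_ZONE = {
    "_acme-challenge.mydomain.net": "PLACEHOLDER-SUBDOMAIN.auth.acme-dns.io.",
}


def sample_resolver(name: str) -> Optional[str]:
    """Offline resolver over the constructed zone."""
    return SAMPLE_ZONE.get(name.rstrip(".").lower())


if __name__ == "__main__":
    for line in expected_records(SAMPLE_CREDENTIALS):
        print("need:", line)
    for problem in check_credentials(SAMPLE_CREDENTIALS, sample_resolver):
        print("PROBLEM:", problem)
```

Run against the constructed zone it reports the single problem for `home.mydomain.net` and none for the wildcard, which is exactly the split the report's two attempts would show; for a real setup, pass `dig_resolver` instead of `sample_resolver` and feed it the actual credentials file. Each host name that gets its own certificate needs its own `_acme-challenge.<host>` CNAME (or a wildcard certificate covering it), because the CA never follows a CNAME at the parent name on behalf of a child.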