Certbot rfc2136

Mark Andrews marka at isc.org
Mon Oct 25 05:40:00 UTC 2021



> On 25 Oct 2021, at 06:39, Paul van der Vlis <paul at vandervlis.nl> wrote:
> 
> Hello,
> 
> I am trying to get Certbot working using rfc2136. But during the validation I get these errors:
> -------
> Oct 24 02:14:21 ns1 named[343]: client @0x7f70e43b7d08 45.95.238.187#57242/key test3.hallo24.nl: updating zone 'hallo24.nl/IN': adding an RR at '_acme-challenge.test3.hallo24.nl' TXT "qYxXiH34V8T0lFtsUOd_BPMZCBiA-FgAiJ-0nUGHsYE"
> Oct 24 02:14:21 ns1 named[343]: dns_dnssec_findzonekeys2: error reading Khallo24.nl.+013+02962.private: file not found
> Oct 24 02:14:21 ns1 named[343]: dns_dnssec_findzonekeys2: error reading Khallo24.nl.+013+01290.private: file not found
> -------
> 
> These files are in /etc/bind/keys/, and normally that's no problem.
> 
> I've tried to specify the "key-directory" in the bind configuration, but when I do that I get an error during "rndc reload", so I cannot specify a key-directory.  This is Bind 9.16.15 from Debian 11.
> 
> What am I doing wrong?

Failed to post the actual error messages reported.  Named would have logged error messages.

Failed to post what you actually did.  “I tried to specify the "key-directory" in the bind configuration” is not what you actually did.  Post the parts of named.conf.

Failed to run named-checkconf before you ran 'rndc reload' to check that you didn’t have an error.

How do you start named?  Do you run chrooted?

At the moment you are saying “I did something. It didn’t work. Tell me what I did wrong.”  Without crystal balls no one here has a chance of telling you.

> Does somebody know a good howto to get this working? I now use this:
> https://certbot-dns-rfc2136.readthedocs.io/en/stable/
> but in my opinion it's not complete enough.
> 
> With regards,
> Paul
> 
> -- 
> Paul van der Vlis Linux systeembeheer Groningen
> https://www.vandervlis.nl/

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org


