cPanel - unable to find SOA record #23

Open
chiragd opened this issue Dec 16, 2024 · 4 comments

chiragd commented Dec 16, 2024

I am using your tool via nginx proxy manager.

It produced this output:

CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Error adding TXT record: Unable to find SOA record.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:430:5)
    at ChildProcess.emit (node:events:519:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5)

From the logfile mentioned above

2024-12-16 11:38:03,114:DEBUG:acme.client:Storing nonce: GJdccAF6WgNcqXG0vA7O4JvVL0hQFSHPzgQy7q3jle9C4xQgsQ4
2024-12-16 11:38:03,115:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-12-16 11:38:03,115:INFO:certbot._internal.auth_handler:dns-01 challenge for my.domain.uk
2024-12-16 11:38:03,115:INFO:certbot._internal.auth_handler:dns-01 challenge for my.domain.uk
2024-12-16 11:38:03,463:DEBUG:certbot_dns_cpanel.dns_cpanel:{'preevent': {'result': 1}, 'func': 'fetchzones', 'data': [{'statusmsg': 'Zones fetched', 'zones': [REDACTED], 'status': 1}]}
2024-12-16 11:38:04,837:DEBUG:certbot_dns_cpanel.dns_cpanel:{'func': 'fetchzone_records', 'apiversion': 2, 'event': {'result': 1}, 'preevent': {'result': 1}, 'data': [], 'postevent': {'result': 1}, 'module': 'ZoneEdit'}
2024-12-16 11:38:04,837:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/certbot/bin/certbot", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/lib/python3.11/site-packages/certbot/plugins/dns_common.py", line 76, in perform
    self._perform(domain, validation_domain_name, validation)
  File "/opt/certbot/lib/python3.11/site-packages/certbot_dns_cpanel/dns_cpanel.py", line 58, in _perform
    self._get_cpanel_client().add_txt_record(validation_domain_name, validation)
  File "/opt/certbot/lib/python3.11/site-packages/certbot_dns_cpanel/dns_cpanel.py", line 112, in add_txt_record
    raise errors.PluginError("Error adding TXT record: %s" % response_data['data'][0]['result']['statusmsg'])
certbot.errors.PluginError: Error adding TXT record: Unable to find SOA record.
2024-12-16 11:38:04,839:ERROR:certbot._internal.log:Error adding TXT record: Unable to find SOA record.
My web server is (include version): NA

Running cPanel with a generic host. When logging into cPanel, no SOA records are shown. The host says they are only shown in WHM, not cPanel.

Running cPanel 120.0.22

@aduzsardi

Have you tried with a trailing dot at the end of your domain?
Like example.com.


chiragd commented Dec 16, 2024

The nginx proxy manager UI doesn't allow for a trailing dot at the end of the domain. The tool does work if I use a top level domain, but doesn't work at all for a subdomain.

mydomain.uk == works
lan.mydomain.uk == error, unable to find SOA record.

Why is this?


aduzsardi commented Dec 16, 2024

Weird, I just tried this and it worked, so there must be something else going on. Not entirely sure how nginx proxy manager fits into this.

Requesting a certificate for lan.pwd.com and *.lan.pwd.com
Unsafe permissions on credentials configuration file: /home/aduzsardi/cpanel/credentials.ini
Waiting 30 seconds for DNS changes to propagate

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/lan.pwd.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/lan.pwd.com/privkey.pem
This certificate expires on 2025-03-16.
These files will be updated when the certificate renews.

Note that I don't have a separate DNS zone in cPanel for lan.pwd.com and pwd.com respectively.


irrisor commented Dec 24, 2024

I had the same problem. It was resolved by deleting the "Domain" (actually a subdomain, like lan.pwd.com) and instead creating manual entries in the "Zone Editor" for it. So, for me it worked when having something like "pwd.com" in the list of "Domain"s but no subdomains (which is also possible).
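
A triage helper for the debug log quoted in this issue, as an added example that is not part of the thread or of certbot-dns-cpanel: it parses the plugin's DEBUG lines and flags a `fetchzone_records` response with empty `data` followed by the SOA error. The sample lines are constructed from the ones above; the zone names and the shape of the redacted `zones` field are assumptions.

```python
import ast
import re

# Constructed sample modelled on the log in the issue. The 'zones' value is
# redacted on the page; a mapping keyed by zone name is assumed here.
SAMPLE_LOG = """\
2024-12-16 11:38:03,463:DEBUG:certbot_dns_cpanel.dns_cpanel:{'preevent': {'result': 1}, 'func': 'fetchzones', 'data': [{'statusmsg': 'Zones fetched', 'zones': {'lan.example.uk': [], 'example.uk': []}, 'status': 1}]}
2024-12-16 11:38:04,837:DEBUG:certbot_dns_cpanel.dns_cpanel:{'func': 'fetchzone_records', 'apiversion': 2, 'event': {'result': 1}, 'data': [], 'module': 'ZoneEdit'}
Traceback (most recent call last):
2024-12-16 11:38:04,839:ERROR:certbot._internal.log:Error adding TXT record: Unable to find SOA record.
"""

# timestamp:LEVEL:logger:message (the timestamp itself contains colons)
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+):([A-Z]+):([\w.]+):(.*)$")
PLUGIN_LOGGER = "certbot_dns_cpanel.dns_cpanel"


def triage(log_text):
    """Summarise what the plugin saw before the SOA error."""
    findings = {"zones": [], "empty_record_fetch": False, "soa_error": False}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # traceback and other continuation lines
        _, level, logger, msg = m.groups()
        if logger == PLUGIN_LOGGER and level == "DEBUG":
            try:
                resp = ast.literal_eval(msg)  # the plugin logs a dict repr
            except (ValueError, SyntaxError):
                continue  # e.g. a line with a redacted, non-literal field
            if not isinstance(resp, dict):
                continue
            func, data = resp.get("func"), resp.get("data")
            if func == "fetchzones" and data:
                # sorted() yields names for either a dict or a list of zones
                findings["zones"] = sorted(data[0].get("zones") or [])
            elif func == "fetchzone_records" and data == []:
                findings["empty_record_fetch"] = True
        elif "Unable to find SOA record" in msg:
            findings["soa_error"] = True
    return findings


def matches_issue_pattern(findings):
    """True when an empty record fetch is followed by the SOA error."""
    return findings["empty_record_fetch"] and findings["soa_error"]
```

If the subdomain shows up in `zones` alongside its parent, that matches the setup where the last comment's workaround (removing the subdomain "Domain" and adding Zone Editor entries) applied.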
