An unexpected error occurred : No such authorization

Help
1

My domain is: example.com

I ran this command:
echo "Renewing certificate now.."

certbot certonly --authenticator dns-azure --preferred-challenges dns --noninteractive --agree-tos --dns-azure-config ./azure.ini -m ITSOECloudandIaaS-AzureSMEs@example.com $san_args --key-type rsa --config-dir $HOME/.config/letsencrypt --work-dir $HOME/.local/share/letsencrypt --logs-dir $HOME/.cache/letsencrypt -v

It produced this output:

domainname: example.com
Preparing azure.ini file..
azure.ini file created successfully..

checking existing CNAME records..
Renewing certificate now..
Saving debug log to /home/runner/.cache/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-azure, Installer None
Account registered.
Requesting a certificate for stage-printapi.example.com and stage-printapi.internal.example.com
An unexpected error occurred:
No such authorization
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /home/runner/.cache/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Error: Process completed with exit code 1.

My web server is (include version):

The operating system my web server runs on is (include version): Github Action - Image: ubuntu-24.04 - Version: 20250710.1.0

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 4.1.1

hi Team,

Please could you help as why there is an intermittent issue that we run into? It sometimes works fine and sometimes fails with the above mentioned error.
If we re-run, it works fine.

Please note - I am running as a Github Action whose details are as follows -
Image: ubuntu-24.04
Version: 20250710.1.0

Thanks for your support.

2

Firstly, please provide the full domain name as it helps us diagnose the problem, secondly stage-printapi.internal.scale.fulfillment.maersk.com (found through crt.sh | stage-printapi.internal.%) is reporting NXDOMAIN (Non-Existent Domain) and so would not get a certificate.

3

hi @MaxHearnden , This is the DNS during which we got that error - stage-printapi.scale.fulfillment.maersk.com

As I have mentioned it clearly in my description above, it works for others and some times fails for some. And if you try to re-run, it works again.
Not sure what's going on.

Kindly suggest

Thank you.

4

We'd have to see the log file to give better advice.

But, without that I'd guess it could be caused by the DNS delegation problem for that domain. From: stage-printapi.scale.fulfillment.maersk.com | DNSViz

com to maersk.com: The following NS name(s) were found in the authoritative NS RRset, but not in the delegation NS RRset (i.e., in the com zone): a8-67.akam.net, a3-66.akam.net, a18-64.akam.net, a22-65.akam.net See RFC 1034, Sec. 4.2.2.

Depending on how your DNS plugin queries the DNS it might be failing when it sees an NS record not related to your Azure account.

3 Likes
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.