Ansible letsencrypt failing dns resolution

My domain is: 247.kvs.be

I ran this command: no command, it is using Ansible

It produced this output:

Could not access the challenge file for the hosts/domains: 247.kvs.be. Let's
Encrypt requires every domain/host be publicly accessible. Make sure that a
valid DNS record exists for 247.kvs.be and that they point to this server's
IP. If you don't want these domains in your SSL certificate, then remove them
from `site_hosts`. See https://roots.io/trellis/docs/ssl for more details.
failed: [20.67.80.105] (item=247.kvs.be) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": false, "failed": true, "failed_hosts": ["247.kvs.be"], "invocation": {"module_args": {"file": "ping.txt", "hosts": ["247.kvs.be"], "path": ".well-known/acme-challenge"}}, "item": {"key": "247.kvs.be", "value": {"admin_email": "wp@cursorpointer.be", "admin_user": "dominator", "branch": "master", "cache": {"duration": "30s", "enabled": false, "skip_cache_cookie": "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in", "skip_cache_uri": "/wp-admin/|/wp-json/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml"}, "local_path": "../kvs-247.be", "multisite": {"enabled": false}, "repo": "git@github.com:undefinedio/kvs-247.be.git", "site_hosts": [{"canonical": "247.kvs.be"}], "ssl": {"enabled": true, "provider": "letsencrypt"}}}, "rc": 1}}

My web server is (include version): nginx/1.21.6

The operating system my web server runs on is (include version): ubuntu 20.04

My hosting provider, if applicable, is: azure

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

Is there a tool to see the propagation of DNS changes for letsencrypt?

Hi @koraysels and Welcome to the community!

Might help

2 Likes

Does Ansible also provide an exact error message from the Let's Encrypt validation server somewhere? To me, the current output isn't helping very much to be honest.

2 Likes

Why do you think there is a DNS problem?

1 Like

It works now. Is there a tool we can use to see if letsencrypt DNS resolves correctly?

1 Like

What do you mean by "resolves correctly"?

Let's Encrypt doesn't cache DNS queries, it goes to the authoritative DNS each time.

1 Like

I mean check which IP the letsencrypt server resolves to so the acme challenge can correctly function and the certificate can be created. Sometimes it takes a long time after changes to a DNS record. I would like to be able to see when letsencrypt resolves to the newly set IP so I can run the script. A DNS checker specifically for letsencrypt, if you will. That would be super handy!

Yes, but which DNS server is letsencrypt using? Because I know of this tool, but it gives me no more information than where the new IPs are updated. I don't know which server gets used by letsencrypt.

There is no "DNS server" used by LE. It's using the Unbound software to "crawl" the entire DNS tree, starting at the root DNS servers, crawling down the tree using the TLD servers all the way to the authoritative DNS servers.

You can use unboundtest.com to mimic this procedure.

4 Likes