Hi,
I have set up a scheduled task to renew the Let's Encrypt certificate for wocobook.com. The domain is DNS hosted with Cloudflare, so I am using the Cloudflare API plugin for WinAcme.
As can be seen below, it looks like there is a timeout with the 1.1.1.1 NS. The same happens if I switch to the 8.8.8.8 NS. Our firewall does not block any requests to either name server, and I can easily connect to both using a simple telnet command like telnet 1.1.1.1 53
So renewal fails with the output below and I am not sure where to start - any input is welcome.
Renewal for [IIS] wocobook.com, (any host) failed, will retry on next run.
Error(s):
- Validation failed
- No certificate generated
| Hosts | |
|---|---|
| cdn.wocobook.com, wocobook.com, www.wocobook.com | |
| Plugins | |
| Target: | IIS |
| Validation: | Cloudflare |
| Order: | Single |
| Csr: | RSA |
| Store: | CertificateStore |
| Installation: | IIS |
Log output:
- Information - Plugin "IIS" generated source "wocobook.com" with 3 identifiers
- Information - Plugin "Single" created 1 order
- Information - Renewing "[IIS] wocobook.com, (any host)"
- Warning - Cached order has status "invalid", discarding
- Information - ["cdn.wocobook.com"] Cached authorization result: "valid"
- Information - ["wocobook.com"] Cached authorization result: "valid"
- Information - ["www.wocobook.com"] Authorizing...
- Information - ["www.wocobook.com"] Authorizing using "dns-01" validation ("Cloudflare")
- Warning - Unable to find or contact authoritative name servers for "_acme-challenge.www.wocobook.com": "Query 41098 => wocobook.com IN NS on 1.1.1.1:53 timed out or is a transient error."
- Error - ["www.wocobook.com"] Authorization result: "invalid"
- Error - ["www.wocobook.com"] "{"type":"urn:ietf:params:acme:error:unauthorized","detail":"No TXT record found at _acme-challenge.www.wocobook.com","status":403,"instance":null}"
- Information - ["www.wocobook.com"] Deactivating pending authorization
- Error - Renewal for "[IIS] wocobook.com, (any host)" failed, will retry on next run
- Error - Validation failed
- Error - No certificate generated
Sent by win-acme version 2.2.4.1500 from SERVER_NAME
IIS 10.0.20348.1 / Windows Server 2022 - dedicated server.
Using Winacme
A simple Windows ACMEv2 client (WACS)
Software version 2.2.4.1500 (release, pluggable, standalone, 64-bit)
Connecting to https://acme-v02.api.letsencrypt.org/...
Connection OK!