I ran this command: certbot renew --cert-name auth.digiwhat.de --dry-run
I get this output: DNS response for auth.digiwhat.de/AAAA did not have an acceptable response code: SERVFAIL checkout Let's Debug
My web server is (include version): nginx 1.24
The operating system my web server runs on is (include version): ubuntu 22.04
I can login to a root shell on my machine: yes
The version of my client is 1.21.0
I'm wondering what this error means and how I can debug it.
So far, this domain looks fine to me, pointing to an A record without any fancy configuration.
I use the certbot server for additional domains and it works pretty well. I'm assuming this is then related to the domain, but I can't see the differences with others.
That said, the verbose logs of Unbound (the DNS resolving library used by Boulder, the ACME server used by Let's Encrypt) are not the easiest to read.
I don't have any insights to add. Just thought posting some of the messages from near the bottom of the unboundtest log would be helpful.
debug: request ns1.dom.scw.cloud. has exceeded the maximum number of glue fetches 69
debug: return error response SERVFAIL
...
debug: request has exceeded the maximum number of nxdomain nameserver lookups (5) with 6
debug: parent-side information is already present for the delegation point, no fallback possible
debug: return error response SERVFAIL
...
info: validator operate: query auth.digiwhat.de. A IN
debug: validator: nextmodule returned
debug: cannot validate non-answer, rcode SERVFAIL
...
error: SERVFAIL <auth.digiwhat.de. A IN>: exceeded the maximum nameserver nxdomains