Can't get challenges, does limits matter?

Help
1

I am trying to certify "русвуз.рф" domain and yesterday I got

16.16.120.72 - - [22/May/2024:02:24:41 +0000] "GET /.well-known/acme-challenge/S9yxfO5q4cKh8_TszvI9L3Nk6UjFfOXyuw8cOwjLSs8 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
16.16.120.72 - - [22/May/2024:02:24:41 +0000] "GET /.well-known/acme-challenge/REsvcNNTvtOE3TlJC5d2lIGWxcH5Ya3dKqTiF001iN4 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
54.202.42.76 - - [22/May/2024:02:24:41 +0000] "GET /.well-known/acme-challenge/S9yxfO5q4cKh8_TszvI9L3Nk6UjFfOXyuw8cOwjLSs8 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
35.162.142.159 - - [22/May/2024:02:24:41 +0000] "GET /.well-known/acme-challenge/REsvcNNTvtOE3TlJC5d2lIGWxcH5Ya3dKqTiF001iN4 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
52.15.230.50 - - [22/May/2024:02:24:42 +0000] "GET /.well-known/acme-challenge/REsvcNNTvtOE3TlJC5d2lIGWxcH5Ya3dKqTiF001iN4 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
18.143.169.134 - - [22/May/2024:02:24:42 +0000] "GET /.well-known/acme-challenge/REsvcNNTvtOE3TlJC5d2lIGWxcH5Ya3dKqTiF001iN4 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
52.15.230.50 - - [22/May/2024:02:24:42 +0000] "GET /.well-known/acme-challenge/S9yxfO5q4cKh8_TszvI9L3Nk6UjFfOXyuw8cOwjLSs8 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
23.178.112.106 - - [22/May/2024:02:24:42 +0000] "GET /.well-known/acme-challenge/S9yxfO5q4cKh8_TszvI9L3Nk6UjFfOXyuw8cOwjLSs8 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
23.178.112.105 - - [22/May/2024:02:24:43 +0000] "GET /.well-known/acme-challenge/REsvcNNTvtOE3TlJC5d2lIGWxcH5Ya3dKqTiF001iN4 HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"

with no successful certification (my mistake in Nginx conf)

But not today. Today Nginx logs are empty, does it mean that I hit the limit?

2

You haven't said how you are requesting your certificate, you will be using some software (certbot, and other tool or your website control panel etc) to request the certificate. That software will log errors somewhere if there is a problem. Yes, you may have temporarily encountered a rate limit.

When you submit a question on this forum you are asked to fill out a set of questions, this is to help us help you.

3 Likes
3

I have used certbot command in docker

"certonly",
      "-v",
      "--webroot",
      "-w",
      "/usr/share/nginx/html",
      "--email",
      "mtabs_web@hotmail.com",
      "--agree-tos",
            "-d",
            "xn--b1akzejc.xn--p1ai",
            "-d",
            "www.xn--b1akzejc.xn--p1ai",

Today logs of certbot said
DNS problem: NXDOMAIN looking up A for xn--b1akzejc.xn--p1ai - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for xn--b1akzejc.xn--p1ai - check that a DNS record exists for this domain

I am confused, because https://русвуз.рф/security/login does work, host has resolved well

4

That doesn't resolve for me. Does that just work from your own network?

https://toolbox.googleapps.com/apps/dig/

https://dnsviz.net/d/xn--b1akzejc.xn--p1ai/dnssec/

2 Likes
5

Oh!!! When I turned off VPN in doesn't resolve for me also! VPN DNS seems a little bit old, someone changed A AAA records. Thank you for point me!

2 Likes
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.