:47 AEDT 2019] url=‘https://acme-v01.api.letsencrypt.org/directory’
[Mon Mar 4 11:19:47 AEDT 2019] timeout=
[Mon Mar 4 11:19:47 AEDT 2019] _WGET=‘wget -q --content-on-error ’
[Mon Mar 4 11:20:03 AEDT 2019] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4
[Mon Mar 4 11:20:03 AEDT 2019] ret=‘4’
[Mon Mar 4 11:20:03 AEDT 2019] Can not init api.
[Mon Mar 4 11:20:03 AEDT 2019] Try new-authz for the 0 time.
[Mon Mar 4 11:20:03 AEDT 2019] url
[Mon Mar 4 11:20:03 AEDT 2019] payload=’{“resource”: “new-authz”, “identifier”: {“type”: “dns”, “value”: “email.wtr.com.au”}}’
[Mon Mar 4 11:20:03 AEDT 2019] RSA key
[Mon Mar 4 11:20:03 AEDT 2019] GET
[Mon Mar 4 11:20:03 AEDT 2019] url=‘https://acme-v01.api.letsencrypt.org/directory’
[Mon Mar 4 11:20:03 AEDT 2019] timeout=
[Mon Mar 4 11:20:03 AEDT 2019] _WGET='wget -q --content-on-error ’
[Mon Mar 4 11:20:20 AEDT 2019] ret=‘0’
[Mon Mar 4 11:20:20 AEDT 2019] Could not get nonce, let’s try again.
[Mon Mar 4 11:20:23 AEDT 2019] GET
[Mon Mar 4 11:20:23 AEDT 2019] url=‘https://acme-v01.api.letsencrypt.org/directory’
[Mon Mar 4 11:20:23 AEDT 2019] timeout=
[Mon Mar 4 11:20:23 AEDT 2019] _WGET='wget -q --content-on-error ’
[Mon Mar 4 11:20:39 AEDT 2019] ret=‘0’
[Mon Mar 4 11:20:39 AEDT 2019] Could not get nonce, let’s try again.
[Mon Mar 4 11:20:42 AEDT 2019] GET
[Mon Mar 4 11:20:42 AEDT 2019] url=‘https://acme-v01.api.letsencrypt.org/directory’
[Mon Mar 4 11:20:42 AEDT 2019] timeout=
[Mon Mar 4 11:20:42 AEDT 2019] _WGET='wget -q --content-on-error ’
[Mon Mar 4 11:20:58 AEDT 2019] ret=‘0’
[Mon Mar 4 11:20:58 AEDT 2019] Could not get nonce, let’s try again.
[Mon Mar 4 11:21:01 AEDT 2019] GET
[Mon Mar 4 11:21:01 AEDT 2019] url=‘https://acme-v01.api.letsencrypt.org/directory’
[Mon Mar 4 11:21:01 AEDT 2019] timeout=
[Mon Mar 4 11:21:01 AEDT 2019] _WGET='wget -q --content-on-error ’
Cannot ping acme-v01.api.letsencrypt.org nor wget
wget = failed Name or service known
ping = unknown host
Is the system’s DNS resolver working at all? Can it resolve, say, google.com
or ntp.org
?
yes if i do host google.com i get :
host google.com
google.com has address 216.58.200.110
google.com has IPv6 address 2404:6800:4006:808::200e
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
host letsencrypt.org
letsencrypt.org has address 23.49.226.12
letsencrypt.org has IPv6 address 2600:1415:11:485::ce0
letsencrypt.org has IPv6 address 2600:1415:11:496::ce0
letsencrypt.org mail is handled by 10 aspmx3.googlemail.com.
letsencrypt.org mail is handled by 10 aspmx2.googlemail.com.
letsencrypt.org mail is handled by 5 alt2.aspmx.l.google.com.
letsencrypt.org mail is handled by 5 alt1.aspmx.l.google.com.
letsencrypt.org mail is handled by 1 aspmx.l.google.com.
What’s the resolver? Any idea what might be wrong with it?
Does acme-v01.api.letsencrypt.org
work now?
Exactly what does “dig acme-v01.api.letsencrypt.org
” show?
Do these work?
dig cdn.onenote.net
dig mattnordhoff.net
dig www.npr.org
dig acme-v01.api.letsencrypt.org
; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> acme-v01.api.letsencrypt.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 50064
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;acme-v01.api.letsencrypt.org. IN A
;; Query time: 5007 msec
;; SERVER: private.ip.address#53(private.ip.address) internal address eg 192.168.x.x
;; WHEN: Mon Mar 04 12:44:10 AEDT 2019
;; MSG SIZE rcvd: 57
dig cdn.onenote.net
; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> cdn.onenote.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56246
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;cdn.onenote.net. IN A
;; Query time: 5128 msec
;; SERVER: private.ip.address#53(private.ip.address) internal address eg 192.168.x.x
;; WHEN: Mon Mar 04 12:45:03 AEDT 2019
;; MSG SIZE rcvd: 44
dig mattnordhoff.net
; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> mattnordhoff.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 11645
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;mattnordhoff.net. IN A
;; Query time: 5481 msec
;; SERVER: private.ip.address#53(private.ip.address) internal address eg 192.168.x.x
;; WHEN: Mon Mar 04 12:45:38 AEDT 2019
;; MSG SIZE rcvd: 45
dig www.npr.org
; <<>> DiG 9.9.5-9+deb8u15-Debian <<>> www.npr.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7191
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;www.npr.org. IN A
;; Query time: 4903 msec
;; SERVER: private.ip.address#53(private.ip.address) internal address eg 192.168.x.x
;; WHEN: Mon Mar 04 12:46:01 AEDT 2019
;; MSG SIZE rcvd: 40
It seems like your resolver may be unable to resolve .net
domains…
(.com
and .net
use the same DNS infrastructure, so it might be interesting that google.com
worked.)
letsencrypt.org
, onenote.net
and npr.org
use different DNS services, but acme-v01.api.letsencrypt.org
, cdn.onenote.net
and www.npr.org
are all CNAME
s to Akamai’s CDN.
mattnordhoff.net
is on a different DNS service and doesn’t use Akamai.
cdn.onenote.net. 2367 CNAME cdn.onenote.net.edgekey.net.
cdn.onenote.net.edgekey.net. 444 CNAME e1553.dspg.akamaiedge.net.
e1553.dspg.akamaiedge.net. 1 A 184.50.166.121
e1553.dspg.akamaiedge.net. 20 AAAA 2600:141b:5000:58f::611
e1553.dspg.akamaiedge.net. 20 AAAA 2600:141b:5000:59e::611
acme-v01.api.letsencrypt.org. 317 CNAME api.letsencrypt.org-ng.edgekey.net.
api.letsencrypt.org-ng.edgekey.net. 14718 CNAME e14990.dscx.akamaiedge.net.
e14990.dscx.akamaiedge.net. 20 A 104.110.150.170
e14990.dscx.akamaiedge.net. 20 AAAA 2600:141b:13:289::3a8e
e14990.dscx.akamaiedge.net. 20 AAAA 2600:141b:13:29a::3a8e
www.npr.org. 167 CNAME www.npr.org.edgekey.net.
www.npr.org.edgekey.net. 9149 CNAME e4437.dscf.akamaiedge.net.
e4437.dscf.akamaiedge.net. 20 A 23.204.157.90
e4437.dscf.akamaiedge.net. 20 AAAA 2600:141b:5000:596::1155
e4437.dscf.akamaiedge.net. 20 AAAA 2600:141b:5000:59c::1155
Correct thank you mnordhoff was some convoluted DNS setup where failure was intermittent, thank you so much
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.