Can't renew certificate

Hi, can someone help me with this trouble?
I try to renew the certificate and get this problem (down below). I am new at this thing, and I see a new topic about it but I don't get it, whether I need to configure the firewall or something.
My domain is: 161tower.agroexpert2007.ru

I ran this command:

certbot --force-renewal

It produced this output:

Challenge failed for domain 161tower.agroexpert2007.ru
http-01 challenge for 161tower.agroexpert2007.ru
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

The operating system my web server runs on is (include version):
Ubuntu Server 20.04
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
I think yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I just don't get where the problem is: in my virtual machine (firewall), my router (firewall), or a problem at the DNS server where my info about the domain is placed.

It seems like there may be a geo filter on Jino's nameservers. I would suggest trying again, and if it still doesn't work, let Jino's support know. Possibly send them this link:

4 Likes

Thank you for the light-speed answer. I sent a ticket to jino.ru and hope they tell me some info. Are you sure it may be that? From the error log I am not 100% sure where the error is, because the DNS checker sees my DNS (A name) just right, and I fear maybe it's a problem on my side.

1 Like

Emphasis mine. This bit suggests that those additional “remote perspectives” couldn't query an authoritative DNS server for your domain. Those perspectives query NS servers directly. So the DNS checker you used may work just fine, but that checker may simply be in a place that is not blocked by Jino.

3 Likes

I think I got you. Thank you for the help; I'll be on my watch for Jino and maybe for a new forum hero :slight_smile:

3 Likes

On a separate note: please don't use this option. It does not suddenly or magically cause a failing authorisation attempt to work. (Which would be BAD for the web PKI if people could force issuance for domains they didn't own.)

4 Likes

It worked just fine for like 2 years, but suddenly stopped working. What command can I use instead?

The --force-renewal option is rarely useful. When improperly used, it can cause you to hit rate limits.

Your issue is most likely not your command, but an issue with your DNS as previously mentioned. I just wanted to warn you not to use the --force-renewal option.

4 Likes

There is nothing you can add to the default command to forcibly fix something that is broken.
Whatever is broken must be fixed for it to work.

5 Likes

jino.ru said that everything works for them and it's not their problem. What can I try to do?

They can create a certificate for me (renew normally), but I don't know how to use it because my mail server is placed on my server, not on their hosting.

I'm seeing a consistent timeout from the U.S. when trying to do the DNS lookup over IPv6 (not IPv4), specifically to Jino's nameserver ns2.jino.ru (2001:1bb0:e000:1e::917). I don't see this failure with any other Jino nameserver, or when querying over IPv4.

It's possible that this specific nameserver is misconfigured, but that nobody normally sees a problem with it. The Let's Encrypt secondary validation does many more lookups (preferring IPv6 instead of IPv4) from many more locations, compared to an ordinary human Internet user, and doesn't retry in response to certain kinds of failures, which is different from most ordinary operating systems!

4 Likes

Thank you for the help. And can you somehow try to renew the certificate only via IPv4?

1 Like

I repeated that many times and got the same problem quite consistently, again, only with ns2.jino.ru (no other nameserver) and only with IPv6 (not IPv4).

In nslookup it looks like this (always):

> server ns2.jino.ru
Default server: ns2.jino.ru
Address: 2001:1bb0:e000:1e::917#53
Default server: ns2.jino.ru
Address: 195.161.62.86#53
> set type=soa
> jino.ru
;; communications error to 2001:1bb0:e000:1e::917#53: timed out
;; communications error to 2001:1bb0:e000:1e::917#53: timed out
;; communications error to 2001:1bb0:e000:1e::917#53: timed out

nslookup then attempts to do the same lookup using ns2.jino.ru's IPv4 address (195.161.62.86) and that succeeds. But I don't think the Let's Encrypt validation servers would be willing to retry after that kind of failure.

2 Likes
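The nslookup session above shows the symptom by hand. As an added example (not code from the thread or from Let's Encrypt), here is a stdlib-only Python probe that sends the same SOA query once, with no retries, to every IPv4 and IPv6 address of each listed nameserver and reports each address separately, so a nameserver that answers on IPv4 but times out on IPv6 shows up as one FAIL line rather than being hidden by a fallback. The domain and nameserver hostnames are command-line arguments; the test values are constructed.

```python
import socket
import struct
import random

SOA = 6  # DNS query type, the same "set type=soa" used in the nslookup session


def build_query(name, qtype=SOA, txid=None):
    """Build a minimal recursion-desired DNS query; returns (txid, wire bytes)."""
    txid = random.randrange(0x10000) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return txid, header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(txid, data):
    """Read the 12-byte response header: id match, RCODE, answer/authority counts."""
    rid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return {"id_ok": rid == txid, "rcode": flags & 0xF, "answers": an, "authority": ns}


def probe(server_ip, name, timeout=3.0):
    """Send one SOA query over UDP to a single address (v4 or v6) and wait once.
    A timeout or unreachable network is reported as a failure, which mirrors a
    validator that does not retry or fall back to the other address family."""
    family = socket.AF_INET6 if ":" in server_ip else socket.AF_INET
    txid, query = build_query(name)
    sock = socket.socket(family, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(query, (server_ip, 53))
        data, _ = sock.recvfrom(512)
        hdr = parse_header(txid, data)
        return {"server": server_ip, "ok": hdr["id_ok"] and hdr["rcode"] == 0, **hdr}
    except OSError as exc:  # socket.timeout is an OSError subclass
        return {"server": server_ip, "ok": False, "error": str(exc)}
    finally:
        sock.close()


def nameserver_addresses(ns_host):
    """All A and AAAA addresses of a nameserver hostname, via the local resolver."""
    infos = socket.getaddrinfo(ns_host, 53, proto=socket.IPPROTO_UDP)
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    import sys
    domain, servers = sys.argv[1], sys.argv[2:]  # e.g. jino.ru ns1.jino.ru ns2.jino.ru
    for ns in servers:
        for addr in nameserver_addresses(ns):
            r = probe(addr, domain)
            status = "OK" if r["ok"] else "FAIL " + r.get("error", f"rcode={r.get('rcode')}")
            print(f"{ns:<16} {addr:<36} {status}")
```

Run it from a host that has working IPv6; without IPv6 connectivity every AAAA line fails with "Network is unreachable", which is a local condition and not evidence about the nameserver.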

Nope, the Let's Encrypt validation servers are looking at your site from several different places around the world, using a very "stringent" or "paranoid" configuration, in the sense that they will return a failure in response to a fairly wide range of timeout or protocol errors, even when other software would retry in that situation.

Do you think you could convince Jino that there might be a problem with this specific nameserver? It might be an outage or a typographical error in the IPv6 address of that server, rather than a geographic restriction, maybe?

3 Likes

I sent it to them and hope they try to do something about it, but no high hopes :slight_smile:

If not, you could consider trying to use a different DNS host. Your DNS host does not necessarily have to be the same organization as your web host (unless that is a policy requirement from your web host for some reason).

3 Likes