Certbot/getssl reports DNS errors

My domain is: soft-land.org

I ran this command: certbot certonly

It produced this output:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: budget.soft-land.org
Type: dns
Detail: DNS problem: query timed out looking up A for budget.soft-land.org; DNS problem: query timed out looking up AAAA for budget.soft-land.org

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Ubuntu 24.04.2 LTS

My hosting provider, if applicable, is: Hetzner

I can login to a root shell on my machine (yes or no, or I don't know): yep

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): nope

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.9.0

Welcome @DavideB

It looks like your DNS Server is not responding to UDP requests over IPv6. This can cause the DNS timeout error you see.

See: budget.soft-land.org | DNSViz

2 Likes

Is there any way to restrict the checking to IPv4? Last time I could renew the certificates; this time it seems it is not cooperating.

If you have an AAAA record for IPv6 it should work. If you don't support IPv6 remove the AAAA record.

But note this isn't for your server itself. Your DNS server is the one not replying on IPv6. You might consider using a free professional-grade DNS Server rather than your single DNS server. Something like Cloudflare perhaps.

3 Likes
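
The check described in the replies above, as an added example that is not part of the original thread: a standard-library Python probe that sends the same A and AAAA questions over UDP to each authoritative nameserver address, so a server that answers on IPv4 but stays silent on IPv6 shows up as a `timeout` line. The nameserver addresses are placeholders from the documentation ranges, and the function names are this example's own.

```python
import secrets
import socket
import struct

QTYPES = {"A": 1, "AAAA": 28}

def build_query(name, qtype, txid=None):
    """Encode a one-question DNS query in RFC 1035 wire format."""
    txid = secrets.randbelow(65536) if txid is None else txid
    # Flags 0x0000: standard query, recursion not requested (authoritative target).
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)  # class IN

def probe(server_ip, name, qtype, port=53, timeout=3.0):
    """Send one UDP query; return 'ok rcode=N', 'timeout' or 'error: ...'."""
    family = socket.AF_INET6 if ":" in server_ip else socket.AF_INET
    query = build_query(name, qtype)
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(query, (server_ip, port))
            while True:
                data, _ = sock.recvfrom(4096)
                # Accept only a response (QR bit set) carrying our transaction ID.
                if len(data) >= 12 and data[:2] == query[:2] and data[2] & 0x80:
                    return "ok rcode=%d" % (data[3] & 0x0F)
    except socket.timeout:
        return "timeout"
    except OSError as exc:  # e.g. the probing host itself has no IPv6 route
        return "error: %s" % exc

if __name__ == "__main__":
    # Placeholder addresses (documentation ranges); substitute the IPv4 and
    # IPv6 addresses of the zone's authoritative nameservers.
    NAMESERVERS = ["192.0.2.53", "2001:db8::53"]
    for ns in NAMESERVERS:
        for qtype in ("A", "AAAA"):
            print(ns, qtype, probe(ns, "budget.soft-land.org", qtype))
```

An `error:` result on the IPv6 address means the machine running the probe has no IPv6 connectivity, which says nothing about the nameserver; run it from a dual-stack host.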