My domain is: tferreira.tk (and subdomain civil.tferreira.tk)
I ran this command: certbot renew --dry-run
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/civil.tferreira.tk.conf
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for civil.tferreira.tk
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (civil.tferreira.tk) from /etc/letsencrypt/renewal/civil.tferreira.tk.conf produced an unexpected error: Failed authorization procedure. civil.tferreira.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: query timed out looking up CAA for tk. Skipping.
Processing /etc/letsencrypt/renewal/tferreira.tk.conf
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for tferreira.tk
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (tferreira.tk) from /etc/letsencrypt/renewal/tferreira.tk.conf produced an unexpected error: Failed authorization procedure. tferreira.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: query timed out looking up CAA for tk. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/civil.tferreira.tk/fullchain.pem (failure)
/etc/letsencrypt/live/tferreira.tk/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/civil.tferreira.tk/fullchain.pem (failure)
/etc/letsencrypt/live/tferreira.tk/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
2 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: civil.tferreira.tk
Type: None
Detail: DNS problem: query timed out looking up CAA for tk
The following errors were reported by the server:
Domain: tferreira.tk
Type: None
Detail: DNS problem: query timed out looking up CAA for tk
My web server is (include version): nginx/1.14.0 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 18.04
My hosting provider, if applicable, is: OVH
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0
Additional information: Performing a dig to get the CAA records works fine
; <<>> DiG 9.10.6 <<>> tferreira.tk caa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49392
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;tferreira.tk. IN CAA
;; AUTHORITY SECTION:
tferreira.tk. 1008 IN SOA roan.ns.cloudflare.com. dns.cloudflare.com. 2032610764 10000 2400 604800 3600
;; Query time: 11 msec
;; SERVER: 10.39.10.1#53(10.39.10.1)
;; WHEN: Fri Nov 22 17:00:54 WET 2019
;; MSG SIZE rcvd: 103