Certificate cant create from please. Dns ERROR

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kozmetiktoptancisi.com

I ran this command: when i did create a certificate from plesk controll planel.

It produced this output:

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/9118420502.


Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: During secondary validation: DNS problem: query timed out looking up A for kozmetiktoptancisi.com

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

That error means that the Let's Encrypt main server successfully reached kozmetiktoptancisi.com to get an authentication file, but some Let's Encrypt secondary servers could not reach kozmetiktoptancisi.com. Please try again to see if the problem persists.

Hi @yedekmatik

one of your name servers is buggy - see https://check-your-website.server-daten.de/?q=kozmetiktoptancisi.com


There is a timeout checking EDNS. And your zone definitions are inconsistent.

Fatal: Inconsistency between delegation and zone. The set of NS records served by the 
authoritative name servers must match those proposed for the delegation in the 
parent zone.: ns1.kozmetiktoptancisi.com ( Delegation: 
ns13.fiberserver.com, ns14.fiberserver.com, Zone: ns1.kozmetiktoptancisi.com, 
ns2.kozmetiktoptancisi.com. Name Servers defined in Delegation, missing in Zone: 
ns13.fiberserver.com, ns14.fiberserver.com.Name Servers defined in Zone, 
missing in Delegation: ns1.kozmetiktoptancisi.com, ns2.kozmetiktoptancisi.com.

Effektive only one ip address works. May be fix your delegation and remove the not working ns14 server.

May be there are some random timeouts, so the first DNS check works, one of the secondary not.

And your website

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
kozmetiktoptancisi.com A Eyüpsultan/Istanbul/Turkey (TR) - Sadecehosting Hostname: win1.fibersunucu.com.tr yes 3 2
AAAA yes
www.kozmetiktoptancisi.com CNAME kozmetiktoptancisi.com yes 1 0
A Eyüpsultan/Istanbul/Turkey (TR) - Sadecehosting Hostname: win1.fibersunucu.com.tr yes

has the same ip address, 3 queries, so 2 didn't work. That's a fatal dns configuration.


If you follow the DNS tree, the root servers show these two DNS servers as authoritative for your domain:

nslookup -q=ns kozmetiktoptancisi.com j.gtld-servers.net
kozmetiktoptancisi.com  nameserver = ns13.fiberserver.com
kozmetiktoptancisi.com  nameserver = ns14.fiberserver.com
ns13.fiberserver.com    internet address =
ns14.fiberserver.com    internet address =

If you ask either of those two, they say otherwise:

nslookup -q=ns kozmetiktoptancisi.com ns13.fiberserver.com
kozmetiktoptancisi.com  nameserver = ns2.kozmetiktoptancisi.com
kozmetiktoptancisi.com  nameserver = ns1.kozmetiktoptancisi.com
ns2.kozmetiktoptancisi.com      internet address =
ns1.kozmetiktoptancisi.com      internet address =

One could argue that the IPs are the same (included in the root reply).
But that is inconsequential.
The names are NOT the same and this creates a DNS problem.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.