Certificate error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: davebjohnson.com

I ran this command: reissue certificate

It produced this output: Could not issue an SSL/TLS certificate for davebjohnson.com
Details

Could not issue a Let's Encrypt SSL/TLS certificate for davebjohnson.com. Authorization for the domain failed.

Details

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/347135620557.

Details:

Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: During secondary validation: DNS problem: server failure at resolver looking up A for davebjohnson.com; DNS problem: server failure at resolver looking up AAAA for davebjohnson.com

My web server is (include version): vps.digitalonecreative.com

The operating system my web server runs on is (include version): CentOS 7.0 x64

My hosting provider, if applicable, is: jaguarpc.com

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Out of the blue, Plesk has been warning me that Let's Encrypt can issue/renew a certificate for the various domains I have running on the server.
I have checked all my DNS settings through various online DNS and DNS debuggers like DNSViz, MXToolbox, etc., with no resolution. Not sure where to go next. This, by the way, has never been a problem before and has always worked, so I'm not sure if a Plesk update or Let's Encrypt update has thrown everything into a tizzy.

Any suggestions or help would be greatly appreciated.

Welcome @Digitalone

Do you have a firewall that blocks queries to your custom DNS servers? Because there was a change recently that might affect you if that's true.

The "Secondary validation" in the message makes me think of this

See

Hello @Digitalone, welcome to the Let's Encrypt community.

Most likely should see

Several places around the world see "Not found" for DNS (Permanent link to this check report)
and "Connection timed out" for HTTP (Permanent link to this check report).

Thanks for the assistance. That fixed the issue.

Cheers.

Dave
