Certificate registration for my domain failed

My domain is: toaanvinhthanh.gov.vn

I ran this command: certbot certonly --manual --agree-tos --renew-by-default --email myemail@gmail.com -d toaanvinhthanh.gov.vn -d www.toaanvinhthanh.gov.vn

It produced this output:

Waiting for verification...
Challenge failed for domain toaanvinhthanh.gov.vn
Challenge failed for domain www.toaanvinhthanh.gov.vn
http-01 challenge for toaanvinhthanh.gov.vn
http-01 challenge for www.toaanvinhthanh.gov.vn
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: toaanvinhthanh.gov.vn
   Type:   dns
   Detail: DNS problem: SERVFAIL looking up A for
   toaanvinhthanh.gov.vn - the domain's nameservers may be
   malfunctioning

   Domain: www.toaanvinhthanh.gov.vn
   Type:   dns
   Detail: DNS problem: SERVFAIL looking up A for
   www.toaanvinhthanh.gov.vn - the domain's nameservers may be
   malfunctioning

When I use DirectAdmin, it takes a lot of time, then I get the message:

Requesting new certificate order...
Processing https://acme-v02.api.letsencrypt.org/acme/authz-v3/4460160632...
Processing authorization for toaanvinhthanh.gov.vn...
Waiting for domain verification...
Let's Encrypt was unable to verify the challenge. Unable to update challenge :: authorization must be pending. Exiting...

My web server is (include version): Apache/2

The operating system my web server runs on is (include version): CentOS Linux release 7.8.2003 (Core)

My hosting provider, if applicable, is: Vietnam Posts And Telecommunications Group (https://vhost.vn/)

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): directadmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.3.0

1 Like

Have you tried again?
Do you still get the same error message?

Yes,

I tried again at 12:08:01 GMT +07:00, the same result

Waiting for verification...
Challenge failed for domain toaanvinhthanh.gov.vn
Challenge failed for domain www.toaanvinhthanh.gov.vn
http-01 challenge for toaanvinhthanh.gov.vn
http-01 challenge for www.toaanvinhthanh.gov.vn
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: toaanvinhthanh.gov.vn
   Type:   dns
   Detail: DNS problem: SERVFAIL looking up A for
   toaanvinhthanh.gov.vn - the domain's nameservers may be
   malfunctioning

   Domain: www.toaanvinhthanh.gov.vn
   Type:   dns
   Detail: DNS problem: SERVFAIL looking up A for
   www.toaanvinhthanh.gov.vn - the domain's nameservers may be
   malfunctioning
1 Like

I get a site inactive for toaanvinhthanh.gov.vn for IP address 103.97.124.238
Pinging returns 64 bytes in 237ms/packet, 5 packets ok in 4004ms.
MX lookup returns: DNS No Valid NameServers Responded

2 Likes

The DNS configuration is very poor.
Only one IP used for DNS.
See: https://dnsspy.io/scan/toaanvinhthanh.gov.vn

What’s funny is that your domain is set up with two DNS servers:
toaanvinhthanh.gov.vn nameserver = ns1.vinades.vn
toaanvinhthanh.gov.vn nameserver = ns3.vinades.vn
But both resolve to the same IP.
[an IP that is non-responsive from the U.S.]
nslookup toaanvinhthanh.gov.vn ns1.vinades.vn
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 112.213.89.3
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

Wait, here comes the funny part:
I noticed that it jumps from NS1 to NS3, so I tried NS2
Lo and behold it works just fine (from the U.S.):
nslookup toaanvinhthanh.gov.vn ns2.vinades.vn
Server: UnKnown
Address: 222.255.121.247
Name: toaanvinhthanh.gov.vn
Address: 103.97.124.238

So if you have any control over your domain’s DNS settings, you might want to include the NS2 server.

2 Likes

Hi @hoaquynhtim99

There are two checks of your domain (I've started the running, that's terribly slow) - https://check-your-website.server-daten.de/?q=toaanvinhthanh.gov.vn

Two of the gov.vn - nameservers are terrible, timeouts, no TCP-support.

Checked with unboundtest

https://unboundtest.com/m/A/toaanvinhthanh.gov.vn/3KXTIEF6

----- Unbound logs -----
May 09 06:58:51 unbound[17227:0] notice: init module 0: validator
...
May 09 06:59:06 unbound[17227:0] info: 127.0.0.1 toaanvinhthanh.gov.vn. A IN NOERROR 13.318287 0 55

15 seconds, that's extremely slow.

The Cloudflare part to find the ip addresses of your name servers is ok, same shows the "12. NameServer-IPAddresses" of "check your website".

But then:

May 09 06:58:55 unbound[17227:0] info: query response was ANSWER
May 09 06:58:56 unbound[17227:0] info: response for toaanvinhthanh.gov.vn. A IN
May 09 06:58:56 unbound[17227:0] info: reply from <toaanvinhthanh.gov.vn.> 112.213.89.3#53
May 09 06:58:56 unbound[17227:0] info: query response was ANSWER
May 09 06:58:57 unbound[17227:0] info: Capsforid: timeouts, starting fallback
May 09 06:58:58 unbound[17227:0] info: response for toaanvinhthanh.gov.vn. A IN
May 09 06:58:58 unbound[17227:0] info: reply from <toaanvinhthanh.gov.vn.> 112.213.89.3#53
May 09 06:58:58 unbound[17227:0] info: Capsforid: reply is equal. go to next fallback
May 09 06:58:59 unbound[17227:0] info: response for toaanvinhthanh.gov.vn. A IN
May 09 06:58:59 unbound[17227:0] info: reply from <toaanvinhthanh.gov.vn.> 112.213.89.3#53
May 09 06:58:59 unbound[17227:0] info: Capsforid: reply is equal. go to next fallback
May 09 06:59:01 unbound[17227:0] info: response for toaanvinhthanh.gov.vn. A IN
May 09 06:59:01 unbound[17227:0] info: reply from <toaanvinhthanh.gov.vn.> 112.213.89.3#53
May 09 06:59:01 unbound[17227:0] info: Capsforid: starting fallback
May 09 06:59:01 unbound[17227:0] info: response for toaanvinhthanh.gov.vn. A IN
May 09 06:59:01 unbound[17227:0] info: reply from <toaanvinhthanh.gov.vn.> 112.213.89.3#53
May 09 06:59:01 unbound[17227:0] info: Capsforid: reply is equal. go to next fallback
May 09 06:59:01 unbound[17227:0] info: query response was ANSWER

6 seconds, that's extremely slow, there are timeouts. And it's your name server - 112.213.89.3.

Ah, now the new check is ready - https://check-your-website.server-daten.de/?q=toaanvinhthanh.gov.vn

2020-05-09.toaanvinhthanh.gov.vn

Now it has a big red warning.

X Nameserver Timeout checking Echo Capitalization: ns1.vinades.vn

Looks like that subnet

Fatal: All Name Server IPv4 addresses from the same subnet.:
Fatal: Only one Name Server IPv4 address found

blocks or your name server has too many things to do. And is wrongly configured. Yep, trying directly, there is a timeout, it's impossible to connect to your ip address.

2 Likes
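
The two failures diagnosed above (both name servers on one IP address, and that address timing out on direct queries) can be checked before requesting a certificate. This is an added example, not code from the thread or from the tools linked in it; the function names and the /24 grouping are assumptions, and the addresses are the ones quoted in the thread.

```python
import ipaddress
import socket
import struct
from collections import defaultdict

def build_a_query(name, txid=0x1234):
    """Encode a minimal DNS query for the A record of `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)  # one question, no flags
    return header + qname + struct.pack(">HH", 1, 1)       # QTYPE=A, QCLASS=IN

def udp_probe(ip, name, timeout=2.0):
    """True if the server at `ip` answers a direct A query within `timeout`."""
    query = build_a_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (ip, 53))
            reply, _ = sock.recvfrom(512)
        except OSError:                      # timeout, unreachable, refused
            return False
    return len(reply) >= 12 and reply[:2] == query[:2]

def audit(domain, ns_ips, probe=udp_probe):
    """Findings for a delegation given as {name server: IPv4 address}."""
    by_ip = defaultdict(list)
    for ns, ip in ns_ips.items():
        by_ip[ip].append(ns)
    findings = []
    if len(by_ip) == 1:
        findings.append("only one name server IPv4 address: " + next(iter(by_ip)))
    # Assumption: "same subnet" is approximated as the same /24.
    if len({ipaddress.ip_network(ip + "/24", strict=False) for ip in by_ip}) == 1:
        findings.append("all name server addresses are in one /24")
    for ip, names in by_ip.items():
        if not probe(ip, domain):
            findings.append(f"no answer from {ip} ({', '.join(sorted(names))})")
    return findings

# Delegations as quoted in the thread, before and after the fix.
BEFORE = {"ns1.vinades.vn": "112.213.89.3", "ns3.vinades.vn": "112.213.89.3"}
AFTER = {"ns1.vinades.vn": "222.255.121.247", "ns3.vinades.vn": "112.213.89.22"}

def simulated_probe(ip, name):
    """Constructed stand-in for udp_probe: 112.213.89.3 times out, as reported."""
    return ip != "112.213.89.3"

if __name__ == "__main__":
    for label, delegation in (("before", BEFORE), ("after", AFTER)):
        print(label, audit("toaanvinhthanh.gov.vn", delegation, simulated_probe))
```

Calling `audit` without the `probe` argument sends real UDP queries to port 53 of each address instead of using the simulated results.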

@JuergenAuer
@rg305
JimPas

Thank you very much!

I changed:
ns1.vinades.vn from 112.213.89.3 to 222.255.121.247
ns3.vinades.vn from 112.213.89.3 to 112.213.89.22

and it worked https://toaanvinhthanh.gov.vn/

Valid from	Sat, 09 May 2020 07:36:50 UTC
Valid until	Fri, 07 Aug 2020 07:36:50 UTC (expires in 2 months and 28 days)
1 Like
