Certificate request using old DNS record

Hey there!

I am using vestacp (yeah I know) and when I request a certificate it’s using an old AAAA record.
The error:
Error: Invalid response from http://www.xyce.nl/.well-known/acme-challenge/gtjIAE4HjeweWfRgTV5hB38VfJJFrDz3SEjO0faCwQs [2a01:7c8:eb:0:95:170:70:116]: 404

Though that record does not exist anymore (if I check using a dns checker online, it also doesn’t find it)
I’ve read that let’s encrypt doesn’t use dns caching but I still get this result after 10 hours or so.

I also did a dns check (nslookup) on the server itself and it also didn’t find an AAAA record on that domain.

Any idea what’s going on, or what I am doing wrong?

The record exists according to my local Google Public DNS PoP.

www.xyce.nl.            299     IN      AAAA    2a01:7c8:eb:0:95:170:70:116

According to DNSViz, it’s a wildcard record for *.xyce.nl, and it exists on all of the zone’s nameservers.

http://dnsviz.net/d/www.xyce.nl/XJsVtQ/dnssec/

(Ignore the errors and warning that are just caused by packet loss to a TLD server, or something like that.)

Crap. I even used the dnschecker.org for propagation but apparently that’s isn’t full proof.
I’ll have to wait then. Thanks for your checker, I will use that to check during the day.

I'm not sure if waiting is the answer here. Surely, sometimes it takes a moment for the zone file edit to take effect, but I doubt TransIP takes more than 10 hours to do so.

I suggest you take another close look at your DNS zone file at TransIP to identify some other reason why the AAAA wildcard still exists.

Good one! I told the guy that handles the domain to check for the wildcard.
Just told him to get rid of all the v6 records.

Thanks!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.