Certificate request using old DNS record

Hey there!

I am using VestaCP (yeah, I know), and when I request a certificate it’s using an old AAAA record.
The error:
Error: Invalid response from http://www.xyce.nl/.well-known/acme-challenge/gtjIAE4HjeweWfRgTV5hB38VfJJFrDz3SEjO0faCwQs [2a01:7c8:eb:0:95:170:70:116]: 404

Though that record does not exist anymore (if I check using a DNS checker online, it also doesn’t find it).
I’ve read that Let’s Encrypt doesn’t use DNS caching, but I still get this result after 10 hours or so.

I also did a DNS check (nslookup) on the server itself and it also didn’t find an AAAA record on that domain.

Any idea what’s going on, or what I am doing wrong?

The record exists according to my local Google Public DNS PoP.

www.xyce.nl.            299     IN      AAAA    2a01:7c8:eb:0:95:170:70:116

According to DNSViz, it’s a wildcard record for *.xyce.nl, and it exists on all of the zone’s nameservers.

http://dnsviz.net/d/www.xyce.nl/XJsVtQ/dnssec/

(Ignore the errors and warnings that are just caused by packet loss to a TLD server, or something like that.)


Crap. I even used dnschecker.org for propagation, but apparently that isn’t foolproof.
I’ll have to wait then. Thanks for your checker, I will use that to check during the day.

I’m not sure if waiting is the answer here. Surely, sometimes it takes a moment for the zone file edit to take effect, but I doubt TransIP takes more than 10 hours to do so.

I suggest you take another close look at your DNS zone file at TransIP to identify some other reason why the AAAA wildcard still exists.


Good one! I told the guy that handles the domain to check for the wildcard.
Just told him to get rid of all the v6 records.

Thanks!
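
Why a deleted AAAA record can keep answering while a wildcard remains, as an added example that is not from any poster in this thread: a small Python model of authoritative wildcard synthesis (RFC 4592) over a constructed zone. The zone `example.test`, the addresses and the function names are assumptions; the example goes beyond the thread by also covering a name that has its own A record, where the wildcard does not apply.

```python
APEX = "example.test"
RETIRED = "2001:db8::dead"  # constructed stand-in for the old server's address
ZONE = {  # constructed zone: apex AAAA was deleted, the wildcard AAAA was not
    "example.test": {"A": ["192.0.2.10"]},
    "*.example.test": {"A": ["192.0.2.10"], "AAAA": [RETIRED]},
    "shop.example.test": {"A": ["192.0.2.20"]},
}


def exists(zone, name):
    """A name exists if it owns records or is an ancestor of an owner name."""
    return any(o == name or o.endswith("." + name) for o in zone)


def resolve(zone, qname, qtype, apex=APEX):
    """Return (status, records, owner) as an authoritative server would."""
    qname = qname.lower().rstrip(".")
    if qname != apex and not qname.endswith("." + apex):
        return ("REFUSED", [], None)
    if exists(zone, qname):
        # Existing names never fall through to a wildcard, even for a missing type.
        owner = qname
    else:
        # Walk up to the closest existing ancestor, then look for "*" below it.
        encloser = qname.split(".", 1)[1]
        while encloser != apex and not exists(zone, encloser):
            encloser = encloser.split(".", 1)[1]
        owner = "*." + encloser
        if owner not in zone:
            return ("NXDOMAIN", [], None)
    records = zone.get(owner, {}).get(qtype, [])
    return ("NOERROR", records, owner) if records else ("NODATA", [], None)


def stale_names(zone, names, retired=RETIRED):
    """Names whose AAAA answer still holds the retired address, with its owner."""
    hits = {}
    for name in names:
        _, records, owner = resolve(zone, name, "AAAA")
        if retired in records:
            hits[name] = owner
    return hits


if __name__ == "__main__":
    for n in ("example.test", "www.example.test", "shop.example.test"):
        print(n, resolve(ZONE, n, "AAAA"))
    print(stale_names(ZONE, ["example.test", "www.example.test", "shop.example.test"]))
```

The `owner` field is what to look at when cleaning up: it names the zone entry that produced the answer, which for `www` here is the wildcard rather than any record under `www` itself.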
