Deregister domain name

Hi,
I have changed the IP address of my domain name and I have set the new IP in the domain registrar website. So, I hope it will propagate within hours. But I am looking for a faster way.

At the moment, when I run the command ~/.acme.sh/acme.sh --issue -d my_domain.com --standalone, it shows the following error:

[Tue Jul 30 09:59:19 UTC 2024] Pending. The CA is processing your order, please wait. (1/30)
[Tue Jul 30 09:59:23 UTC 2024] Pending. The CA is processing your order, please wait. (2/30)
[Tue Jul 30 09:59:27 UTC 2024] Pending. The CA is processing your order, please wait. (3/30)
[Tue Jul 30 09:59:30 UTC 2024] my_domain.com: Invalid status. Verification error details: 164.XX.XXX.XXX: Fetching http://my_domain.com/.well-known/acme-challenge/gerfvregvrevrf: Timeout during connect (likely firewall problem)
[Tue Jul 30 09:59:30 UTC 2024] Please add '--debug' or '--log' to see more information.
[Tue Jul 30 09:59:30 UTC 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

That 164.XX.XXX.XXX is the old IP address. When I do an online DNS lookup, the domain name is shown with the new IP. However, it seems that the Let's Encrypt server hasn't received the updated IP.

Any idea to renew that?

You need to remove the old IP.

Also, we are shooting in the dark without the actual domain name.

5 Likes

The domain name is mijnv2.com. The question is how to remove the old IP?

Might consider opening the required ports!

PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  closed http
443/tcp closed https

3 Likes

That's a good question.

I can reproduce a problem with your IP using https://unboundtest.com
It queries DNS similar to Let's Encrypt.

If I repeatedly request your A record I get two different IPs. One starts with 128.199 and the other with 178.128.

Yet, if I query your authoritative DNS servers individually they all return the same IP.

Since unboundtest sees the same kind of problem Let's Encrypt does then I think something unusual is wrong with your DNS servers. I just don't know what that could be.

See these two unboundtest results
https://unboundtest.com/m/A/mijnv2.com/F5GFAZ5J
https://unboundtest.com/m/A/mijnv2.com/JJGMBDLD

I also see the 128.199 IP returned using this Google DNS query tool
https://dns.google/query?name=mijnv2.com

Which IP do you think is correct?

3 Likes

They are using a standalone authenticator. Port 80 will only be open when it is running.

4 Likes

Thanks. :blush:

4 Likes

178 is correct

Are your DNS servers on AnyCast?

I don't know why Google's test tool, the unboundtest.com test site, and Let's Encrypt would all get inconsistent results querying your DNS. Are you sure all your DNS Servers are in sync world-wide?

4 Likes

I am not sure about that. I have bought the domain from a website. I expect that their DNS servers eventually get synchronized worldwide. The fact is after some hours everything will be fine. I just want to look into a quicker solution.

Let's Encrypt looks directly at your authoritative DNS Servers so is not affected by TTL propagation. But, it checks from several places around the world. If your DNS servers take a long time to sync between themselves that seems like a problem to resolve with your DNS provider.

Good DNS systems don't take very long to sync their servers. Often less than 1 minute and not more than a few minutes.

It is not only Let's Encrypt that is affected. Anyone trying to access your site might get the wrong IP until this is resolved. You can see that with the Google test result too.

6 Likes

The authoritative nameservers disagree on the IP of your domain:

mijnv2.com      nameserver = ns.zxcs.nl
mijnv2.com      nameserver = ns.zxcs.eu
mijnv2.com      nameserver = ns.zxcs.be
nslookup -q=a mijnv2.com ns.zxcs.nl
Address: 185.104.28.19
Name:    mijnv2.com
Address: 209.38.17.134     <<<<<<<<<<<<<<<<<<<<<<<<<

nslookup -q=a mijnv2.com ns.zxcs.eu
Address: 178.62.208.8
Name:    mijnv2.com
Address: 209.38.17.134     <<<<<<<<<<<<<<<<<<<<<<<<<

nslookup -q=a mijnv2.com ns.zxcs.be
Address: 46.101.179.64
Name:    mijnv2.com
Address: 128.199.50.29     <<<<<<<<<<<<<<<<<<<<<<<<<

3 Likes

They didn't disagree earlier. I checked. And, they don't disagree for me now. Seems odd

dig +noall +answer A mijnv2.com @ns.zxcs.nl
mijnv2.com.             86400   IN      A       178.128.98.163
dig +noall +answer A mijnv2.com @ns.zxcs.eu
mijnv2.com.             86400   IN      A       178.128.98.163
dig +noall +answer A mijnv2.com @ns.zxcs.be
mijnv2.com.             86400   IN      A       178.128.98.163

But this is odd too. Any ideas @rg305 other than their servers are not in sync?

My nslookup used their IPv6 addresses (update: I think nslookup uses TCP for -q queries. See my next post)

nslookup -q=a mijnv2.com ns.zxcs.nl
Server:         ns.zxcs.nl
Address:        2a06:2ec0:1::10#53
Name:   mijnv2.com
Address: 209.38.17.134

nslookup -q=a mijnv2.com ns.zxcs.eu
Server:         ns.zxcs.eu
Address:        2a03:b0c0:2:d0::57:1001#53
Name:   mijnv2.com
Address: 209.38.17.134

nslookup -q=a mijnv2.com ns.zxcs.be
Server:         ns.zxcs.be
Address:        2a03:b0c0:3:d0::116:2001#53
Name:   mijnv2.com
Address: 209.38.17.134

4 Likes

Here's maybe another clue for their DNS provider.

TCP queries get one IP address. UDP queries get a different one. Using -4 and -6 gets the same wrong result.

dig -4 +tcp +noall +answer A mijnv2.com @ns.zxcs.be
mijnv2.com.             86400   IN      A       209.38.17.134
dig -4 +tcp +noall +answer A mijnv2.com @ns.zxcs.nl
mijnv2.com.             86400   IN      A       209.38.17.134
dig -4 +tcp +noall +answer A mijnv2.com @ns.zxcs.eu
mijnv2.com.             86400   IN      A       209.38.17.134

dig -4 +notcp +noall +answer A mijnv2.com @ns.zxcs.eu
mijnv2.com.             86400   IN      A       178.128.98.163
dig -4 +notcp +noall +answer A mijnv2.com @ns.zxcs.be
mijnv2.com.             86400   IN      A       178.128.98.163
dig -4 +notcp +noall +answer A mijnv2.com @ns.zxcs.nl
mijnv2.com.             86400   IN      A       178.128.98.163

4 Likes

Sounds like a problem with the domain registrar. I will contact them. Thank you.

4 Likes
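
The per-nameserver, per-transport comparison done by hand in the replies above can be scripted as a pre-issuance check. This is an added example, not code posted by anyone in the thread; the function names (collect, answer_sets, consistent) are hypothetical, and SAMPLE is transcribed from the dig output quoted above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): compare the A records returned by every
# authoritative nameserver over both UDP and TCP before asking a CA to validate.

# collect DOMAIN: print one "nameserver transport ip" line per answer.
# Needs dig and network access.
collect() {
  local domain=$1 ns proto flag ip
  for ns in $(dig +short NS "$domain"); do
    for proto in udp tcp; do
      flag=+notcp; [ "$proto" = tcp ] && flag=+tcp
      for ip in $(dig "$flag" +short A "$domain" "@$ns"); do
        echo "$ns $proto $ip"
      done
    done
  done
}

# answer_sets: read collect-style lines on stdin and print, per
# nameserver/transport pair, "sorted-ip-set source". Malformed lines are skipped.
answer_sets() {
  sort -u | awk 'NF == 3 { k = $1 "/" $2; s[k] = s[k] (s[k] ? "," : "") $3 }
                 END { for (k in s) print s[k], k }' | sort
}

# consistent: succeed only if every source returned the same non-empty IP set.
# Multiple A records are fine as long as all sources agree on the whole set.
consistent() {
  [ "$(answer_sets | cut -d' ' -f1 | sort -u | wc -l)" -eq 1 ]
}

# Sample input transcribed from the dig output quoted in the thread.
SAMPLE='ns.zxcs.be udp 178.128.98.163
ns.zxcs.be tcp 209.38.17.134
ns.zxcs.nl udp 178.128.98.163
ns.zxcs.nl tcp 209.38.17.134
ns.zxcs.eu udp 178.128.98.163
ns.zxcs.eu tcp 209.38.17.134'

# Live use: ./script.sh example.com (does nothing when run without arguments).
if [ "$#" -gt 0 ]; then
  results=$(collect "$1")
  printf '%s\n' "$results" | answer_sets
  printf '%s\n' "$results" | consistent ||
    { echo "authoritative answers for $1 disagree" >&2; exit 1; }
fi
```

A non-zero exit means at least one nameserver or transport returned a different record set, so HTTP-01 validation may be sent to the wrong host.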
