My domain is: crmsim.pl, www.crmsim.pl, crmsim.com, www.crmsim.com
I ran this command:Using Sophos UTM, so command is automated (part of log provided further down)
It produced this output: See log below
My web server is (include version):IIS, but hidden behind Sophos UTM 9 (i.e. Sophos is responsible for handling the LE certificate process)
The log is as follows:
I Renew certificate: handling CSR REF_CaCsrCrmsim for domain set [crimsim.pl,crmsim.com,www.crmsim.pl,www.crmsim.com]
I Renew certificate: running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -x -f /var/storage/chroot-reverseproxy/usr/dehydrated/conf/config -c --accept-terms --domain crimsim.pl --domain crmsim.com --domain www.crmsim.pl --domain www.crmsim.com
I Renew certificate: command completed with exit code 256
E Renew certificate: COMMAND_FAILED: ERROR: Challenge is invalid! (returned: invalid) (result: {
E Renew certificate: COMMAND_FAILED: "type": "http-01",
E Renew certificate: COMMAND_FAILED: "status": "invalid",
E Renew certificate: COMMAND_FAILED: "error": {
E Renew certificate: COMMAND_FAILED: "type": "urn:acme:error:dns",
E Renew certificate: COMMAND_FAILED: "detail": "DNS problem: NXDOMAIN looking up A for crimsim.pl",
E Renew certificate: COMMAND_FAILED: "status": 400
E Renew certificate: COMMAND_FAILED: },
E Renew certificate: COMMAND_FAILED: "uri": "https://acme-v01.api.letsencrypt.org/acme/chall-v3/276248160/ig4fSw",
E Renew certificate: COMMAND_FAILED: "token": "7eTjCF0PQYy6MAVeYEfAwYf3dNZMvVIw6q4lkX0kcqo"
E Renew certificate: COMMAND_FAILED: })\
As far as I can tell (my own NSLOOKUP queries) all addresses correctly point to the same IP: 185.68.25.138, but only CRMSIM.PL seems to fail. A noteworthy fact is that this domain has been set up recently, so it MIGHT be a matter of propagation; but all queries to various public DNS providers all show the correct DNS records.
PS. I can correctly generate a certificate for (WWW.)CRMSIM.COM. So the problem is with the .PL domain.