DNS problem: query timed out looking up A for example.org

Please fill out the fields below so we can help you better.

My domain is: not important i guess

I ran this command: certbot renew --dry-run

It produced this output: Attempting to renew cert (example.org) from /etc/letsencrypt/renewal/example.org.conf produced an unexpected error: Failed authorization procedure. sub1.example.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up A for sub1.example.org, sub3.example.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up A for sub3.example.org, example.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up A for example.org, sub4.example.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up A for sub4.example.org, sub2.example.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up A for sub2.example.org, sub5.example.org (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up A for sub5.example.org. Skipping.

My web server is (include version): nginx 1.10.3

The operating system my web server runs on is (include version): ubuntu 16.04.3

My hosting provider, if applicable, is: not important

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

So i just installed the certbot yesterday and gained my certificates, today i wanted to check if the renewal works so i can automate the process, but unluckily it doesn’t work.
any idea why? my dns entries are in clodflare and haven’t been changed in the last days. also i guess you cannot do something wrong when creating a records

The --dry-run option uses a different server from the real one that does not issue real certificates, known as the staging server.

Some other users on the forum are reporting getting the same error falsely from the staging server:

If things worked fine for the same domain(s) yesterday, you're likely experiencing the same thing and there's nothing wrong with your setup. It will probably work fine tomorrow.

The real server (known as the production server) is reportedly working fine. If you need to issue certificate for real it ought to be working properly.

Thanks.

I also tested this on another completely clean server and another domain & ip.
same scenario here, so --dry-run seems to be the issue, not my setup as you said

Hi @limone, as @patches mentioned (Thank you!) this error was specific to the staging environment. It was caused by a planned maintenance to do load testing:

The problems should now be resolved. Apologies for the inconvenience.

Thanks for your reply, the error is still existant

I can also confirm the error is still present with all my domains

The staging server seems to be having trouble again. I opened a new top-level thread to alert the operations team since they probably won't notice this days old thread:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.