DNS problem: query timed out looking up A for www.hhmi.umbc.edu

hhmiumbc · November 27, 2019, 6:22pm

My domain is: www.hhmi.umbc.edu

I ran this command: certbot-auto renew

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/www.hhmi.umbc.edu.conf

Cert is due for renewal, auto-renewing…

Plugins selected: Authenticator apache, Installer apache

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for www.hhmi.umbc.edu

Waiting for verification…

Challenge failed for domain www.hhmi.umbc.edu

http-01 challenge for www.hhmi.umbc.edu

Cleaning up challenges

Attempting to renew cert (www.hhmi.umbc.edu) from /etc/letsencrypt/renewal/www.hhmi.umbc.edu.conf produced an unexpected error: Some challenges have failed… Skipping.

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/www.hhmi.umbc.edu/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:

/etc/letsencrypt/live/www.hhmi.umbc.edu/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: www.hhmi.umbc.edu

Type: dns

Detail: DNS problem: query timed out looking up A for

www.hhmi.umbc.edu

My web server is (include version): apache 2.2.15

The operating system my web server runs on is (include version): centos 6.10

My hosting provider, if applicable, is: local

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.40.1

Thanks!

mnordhoff · November 27, 2019, 6:35pm

If nothing else, it looks like IPv6 isn’t working on any of your nameservers. That’s going to make DNS slower and unreliable.

hhmiumbc · November 27, 2019, 6:50pm

Thanks!
The nameservers are provided by our school IT. I didn’t configure IPv6 on our web server, should I enable and configure IPv6?

mnordhoff · November 27, 2019, 8:00pm

The error you’re getting has nothing to do with your web server. It’s a DNS problem. You have to get IT to fix it.

My opinion is that web servers should always support IPv6, but Let’s Encrypt will work fine either way.

hhmiumbc · November 30, 2019, 6:59pm

Thanks for quick replying!
So do you mean the IT didn’t have IPv6 properly configured for our hostname, even we don’t use IPv6? We didn’t have this problem before when we renew, only this time. Kind of strange, don’t think the IT had IPv6 configured before then just disable it? Will check with them next week.

Thanks again!

mnordhoff · November 30, 2019, 7:08pm

No, IT didn’t configure IPv6 properly on their DNS servers, and I’m guessing that might be why you’re experiencing problems.

dnsexternal.umbc.edu.   21599  A     130.85.1.6
dnsexternal.umbc.edu.   21599  AAAA  2620:0:5301:2::2:1
dnsexternal1.umbc.edu.  21599  A     130.85.1.9
dnsexternal1.umbc.edu.  21599  AAAA  2620:0:5301:2::2:2
dnsexternal2.umbc.edu.  21599  A     130.85.1.11
dnsexternal2.umbc.edu.  21599  AAAA  2620:0:5301:2::2:3

system · December 30, 2019, 7:08pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.