DNS problem: query timed out looking up A?


#1
> sudo ./letsencrypt-auto renew

Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: .../letsencrypt renew
Processing <file>.conf
2016-03-29 00:10:14,812:WARNING:letsencrypt.cli:Attempting to renew cert from <file>.conf produced an unexpected error: Failed authorization procedure. app.gesnex.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up A for app.gesnex.com. Skipping.

All renewal attempts failed. The following certs could not be renewed:
  <route>/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: app.gesnex.com
   Type:   connection
   Detail: DNS problem: query timed out looking up A for app.gesnex.com

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

But the A record is fine: http://mxtoolbox.com/SuperTool.aspx?action=a%3Aapp.gesnex.com&run=toolpage

What I’m doing wrong?
Using nginx


DNS Problem: query timed out look up A for mydomain.com
Limit on Renewals?
#2

I think Let’s Encrypt’s DNS servers are having some issues at the moment. I’m getting a similar error for one of my domains and just saw someone else report the same thing. It’ll probably be fine in a bit.


#3

I’m seeing this problem too. Hopefully they get their DNS server issues sorted out soon.


#4

Same issue here for a couple of hours now.


#5

I’ve got the same issue. I ended up with too many pending requests as a result.
"Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: Too many currently pending authorizations."
I tried deleting my /etc/letsencrypt/accounts folder to get around this problem (as running the client with no accounts folder causes a new account to be registered with fresh rate limits) only to be told there is a timeout looking up the MX record for my provided email address.
"The provided email for a registration was invalid :: DNS problem: query timed out looking up MX for samspin.net"
Therefore the DNS at Let’s Encrypt’s production server is pretty much down. I personally think they’re getting more renewal requests than normal due to the new intermediate certificate being compatible with Windows XP SP3. I think it’s best to have a little patience, I’ll try again in a few hours.


#6

So glad it’s not on my end! I was seriously going to rip my hair out trying to figure out why I was getting this error.


#7

Same problem here, although I am completely new to lets encrypt and still am giving my error a 75%+ user error likelihood : ’ )


#8

Count me as on the same boat.


#9

Yep. Was going crazy trying to set this up on a brand new AWS instance and thought it was on my end for the last hour.


#10

I have this problem too


#11

I am seeing similar problems:

Error: Registration request failed: {"type":"urn:acme:error:invalidEmail","detail":"DNS problem: query timed out looking up MX for gmail.com"}


#12

I’m having the same issue.


#13

Nothing to do but wait. I’m sure they’re working on it.


#14

I’ve got the same issue.

Failed authorization procedure. mydomain.jp (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up A for mydomain.jp
I seriously hope to fix dns server soon…


#15

My request just went through fine now.


#16

Thanks for the thread. In the process of further securing infrastructure, a firewall allow was removed that shouldn’t have been. It was fixed and things are flowing again.


#17

Looks like it was fixed but I’m back to rate-limits …

urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: ddns.net. Skipping.


#18

Fixed for me, thanks!


#19

First major outage I suppose? :frowning:


#20

Me too partners …