I’m trying to renew the certificate that handles two of my domains: cagd.co.uk and api.cagd.co.uk. When I tried two days ago I got “DNS problem: SERVFAIL looking up A for cagd.co.uk” errors. This morning I am getting “DNS problem: query timed out looking up A for cagd.co.uk”
After some research, I discovered that there appear to be errors in the DNSSEC Authentication Chain at my DNS provider’s end:
cagd.co.uk zone: The server(s) were not responsive to queries over TCP. (184.108.40.206, 220.127.116.11, 18.104.22.168)
When I contacted them about this, they have said that when I installed the certificates from LetsEncrypt I “have changed the DNS record into secure ones provided by third party.” Is this true? I’ve been able to renew this certificate with no problem up until now – I’m wondering if something has changed in the past three months?
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output:
Failed authorization procedure. api.cagd.co.uk (http-01): urn:acme:error:dns :: DNS problem: query timed out looking up A for api.cagd.co.uk, cagd.co.uk (http-01): urn:acme:error:dns :: DNS problem: query timed out looking up A for cagd.co.uk
My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu 14.04.5 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):