DNS problem: query timed out looking up A

I'm trying to renew the certificate that handles two of my domains: cagd.co.uk and api.cagd.co.uk. When I tried two days ago I got "DNS problem: SERVFAIL looking up A for cagd.co.uk" errors. This morning I am getting "DNS problem: query timed out looking up A for cagd.co.uk"

After some research, I discovered that there appear to be errors in the DNSSEC Authentication Chain at my DNS provider's end:

cagd.co.uk zone: The server(s) were not responsive to queries over TCP. (66.175.41.102, 91.136.7.21, 91.136.8.241)

(http://dnsviz.net/d/cagd.co.uk/dnssec/)

When I contacted them about this, they have said that when I installed the certificates from LetsEncrypt I "have changed the DNS record into secure ones provided by third party." Is this true? I've been able to renew this certificate with no problem up until now -- I'm wondering if something has changed in the past three months?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
cagd.co.uk, api.cagd.co.uk

I ran this command:
certbot certonly -d cagd.co.uk -d api.cagd.co.uk --manual

It produced this output:
Failed authorization procedure. api.cagd.co.uk (http-01): urn:acme:error:dns :: DNS problem: query timed out looking up A for api.cagd.co.uk, cagd.co.uk (http-01): urn:acme:error:dns :: DNS problem: query timed out looking up A for cagd.co.uk

My web server is (include version):
Apache/2.4.7

The operating system my web server runs on is (include version):
Ubuntu 14.04.5 LTS

My hosting provider, if applicable, is:
Azure

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

There's an ongoing, unexplained issue with Let's Encryot's resolvers and your DNS provider (meganameservers.eu). See this thread:

There isn't a known solution yet, other than changing DNS providers (or CAs).

The only people who can answer that question are you and them.

Edit: Has it started to work if you try again now?

Yes, it’s just started to work again! The DNSSEC errors are still there on my domains, but that doesn’t seem to be a problem now.

I think I will consider a different DNS provider mind you, but thank you for your help!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.