My domain is: sst-institute.net
I ran this command: sudo /opt/letsencrypt/letsencrypt-auto renew
(this has worked in the past)
It produced this output:
Processing /etc/letsencrypt/renewal/dev.sst-institute.net.conf
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for sst-institute.net
tls-sni-01 challenge for dev.sst-institute.net
tls-sni-01 challenge for www.sst-institute.net
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/dev.sst-institute.net.conf produced an unexpected error: Failed authorization procedure. sst-institute.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up CAA for sst-institute.net, dev.sst-institute.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up CAA for dev.sst-institute.net, www.sst-institute.net (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up CAA for www.sst-institute.net. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/playsas.net/fullchain.pem (failure)
/etc/letsencrypt/live/dev.sst-institute.net/fullchain.pem (failure)
My operating system is (include version):Ubuntu 14.04.4 LTS
My web server is (include version):Apache/2.4.7
My hosting provider, if applicable, is:AWS EC2
I can login to a root shell on my machine (yes or no, or I don’t know):yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no
These DNS reports on sst-institute.net seem to indicate that things are okay:
https://intodns.com/sst-institute.net
http://dnsviz.net/d/sst-institute.net/dnssec/