DNS problem: SERVFAIL looking up A, but dig NOERROR

error: {
type: “urn:acme:error:connection”,
detail: “DNS problem: SERVFAIL looking up A for live.wyjxb.top”,
status: 400
}

dig live.wyjxb.top

; <<>> DiG 9.10.3-P4-Ubuntu <<>> live.wyjxb.top
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45828
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;live.wyjxb.top. IN A

;; ANSWER SECTION:
live.wyjxb.top. 574 IN CNAME zb-upyun.b0.aicdn.com.
zb-upyun.b0.aicdn.com. 274 IN CNAME gw.aicdn.com.
gw.aicdn.com. 274 IN A 77.67.51.120

;; Query time: 0 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Tue Jan 30 03:26:02 UTC 2018
;; MSG SIZE rcvd: 111

Hi,

This is because you have a cname record point to upyun (又拍云). And the cname doesn’t have a A record with it.

I’m confused, why don’t you use upyun’s https service? (they provide 100% freeSSLs including letsencrypt)

Check this out
https://www.upyun.com/https

The domain is delegated to these two nameservers:

wyjxb.top.              3600    IN      NS      ns1.reg.cn.
wyjxb.top.              3600    IN      NS      ns2.reg.cn.

and that domain is delegated to these two nameservers:

reg.cn.                 86400   IN      NS      v1.dns.com.
reg.cn.                 86400   IN      NS      v2.dns.com.

and that domain is delegated to these two nameservers:

dns.com.                172800  IN      NS      m1.dns.com.
dns.com.                172800  IN      NS      m2.dns.com.

At some point, it fails to resolve, and Let’s Encrypt returns an error. I’d guess it’s either because some of the DNS servers aren’t reliably accessible internationally, or because they do not support queries with random capitalization (and their unusual configuration stops the resolver from detecting it and falling back to lowercase).

You may need to use a different DNS provider.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.