DNS problem: SERVFAIL looking up A ... DNSSEC issue?


#1

I have this one domain that repeatedly returns the following errors and cannot pass issuance authorization with LE:

Failed authorization procedure. www.myelement.org (http-01): urn:acme:error:dns :: DNS problem: SERVFAIL looking up A for www.myelement.org
Sometimes it produces this error instead.
Failed authorization procedure. www.myelement.org (http-01): urn:acme:error:dns :: DNS problem: query timed out looking up A for www.myelement.org

My own troubleshooting has reached a dead end. Others on the forum with this issue have often had DNSSEC issues. However, we do not see their domain using DNSSEC as of yet (having a DNSKEY), which we check by doing dig www.myelement.org DNSKEY.

If we were to presume that they are using DNSSEC anyhow, the dnsviz.net analysis will INTERMITTENTLY show some errors. I’d say about 75% of the time I run the analysis, I get some errors.

http://dnsviz.net/d/www.myelement.org/dnssec/

When errors are present, they say:

edlio.com/DS: No response was received from the server over UDP (tried 8 times). (2001:500:d937::30, 2001:501:b1f9::30, 2001:503:d2d::30, UDP_0_NOEDNS)

fastly.net/DS: No response was received from the server over UDP (tried 8 times). (2001:500:d937::30, 2001:501:b1f9::30, 2001:503:d2d::30, UDP_0_NOEDNS)

I’m really at a dead end about what to do next to get this domain certed.


My domain is:
www.myelement.org

I ran this command:
letsencrypt certonly --webroot -d www.myelement.org

It produced this output:
Failed authorization procedure. www.myelement.org (http-01): urn:acme:error:dns :: DNS problem: SERVFAIL looking up A for www.myelement.org
And sometimes this one:
Failed authorization procedure. www.myelement.org (http-01): urn:acme:error:dns :: DNS problem: query timed out looking up A for www.myelement.org

My web server is (include version):
apache 2

The operating system my web server runs on is (include version):
Ubuntu 16.04.2

My hosting provider, if applicable, is:
fastly

I can login to a root shell on my machine (yes or no, or I don’t know):
yes


#2

There’s some sort of weird issue with Let’s Encrypt and myelement.org's DNS provider (aplus.net). See this thread:

There’s not yet any information on how to resolve it, though. :slightly_frowning_face: Other than switching DNS providers.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.