I just created a new certificate and all went well, but then I ran the command to dry-run a renewal: sudo certbot renew --dry-run
and I'm getting a DNS failure, which is strange:
tls-sni-01 challenge for chh.lightboxcreative.co.nz
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/chh.lightboxcreative.co.nz.conf produced an unexpected error: Failed authorization procedure. chh.lightboxcreative.co.nz (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for chh.lightboxcreative.co.nz. Skipping.
Have seen some other advice about adding VirtualHost *:80 to the default, but mine is already set like that.
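The error line quoted above has a fixed shape (domain, challenge type, ACME error type, message, and a detail that for resolver failures reads "DNS problem: RCODE looking up TYPE for NAME"). The following is an added example, not code from the thread or from Certbot: a small parser that pulls those fields out of a renewal transcript and says which layer (DNS versus the web server) a failure points at. The SAMPLE_OUTPUT string is constructed to match the lines in the post; the regexes and the triage() wording are my assumptions about the output format.

```python
import re
from typing import Dict, List, Optional

# Constructed sample, modelled on the output quoted in the post; not a captured
# log, but the same line shapes Certbot prints for a failed renewal attempt.
SAMPLE_OUTPUT = """\
tls-sni-01 challenge for chh.lightboxcreative.co.nz
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/chh.lightboxcreative.co.nz.conf produced an unexpected error: Failed authorization procedure. chh.lightboxcreative.co.nz (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for chh.lightboxcreative.co.nz. Skipping.
"""

# One "Failed authorization procedure" line: domain, challenge, ACME error
# type, the human-readable message and the detail after the second " :: ".
FAILURE_RE = re.compile(
    r"Failed authorization procedure\. "
    r"(?P<domain>\S+) \((?P<challenge>[\w-]+)\): "
    r"(?P<error_type>urn:acme:error:[\w-]+) :: "
    r"(?P<message>.*?) :: (?P<detail>.*?)\. Skipping\.$"
)

# Detail form used for resolver failures (SERVFAIL, NXDOMAIN, ...).
DNS_RE = re.compile(
    r"DNS problem: (?P<rcode>[A-Z]+) looking up (?P<rrtype>[A-Z]+) for (?P<name>\S+)"
)


def parse_failures(output: str) -> List[Dict[str, Optional[str]]]:
    """Extract every failed authorization from a Certbot renewal transcript."""
    failures: List[Dict[str, Optional[str]]] = []
    for line in output.splitlines():
        m = FAILURE_RE.search(line.strip())
        if not m:
            continue
        entry: Dict[str, Optional[str]] = dict(m.groupdict())
        entry.update({"dns_rcode": None, "dns_rrtype": None, "dns_name": None})
        dns = DNS_RE.search(entry["detail"] or "")
        if dns:
            entry["dns_rcode"] = dns.group("rcode")
            entry["dns_rrtype"] = dns.group("rrtype")
            entry["dns_name"] = dns.group("name")
        failures.append(entry)
    return failures


def triage(entry: Dict[str, Optional[str]]) -> str:
    """Map one failure to the layer an operator should check first."""
    if entry["dns_rcode"] == "SERVFAIL":
        return (
            "authoritative DNS for %s is returning SERVFAIL for %s records; "
            "this is on the DNS side, not the web server"
            % (entry["dns_name"], entry["dns_rrtype"])
        )
    if entry["dns_rcode"]:
        return "DNS lookup failed with %s for %s" % (entry["dns_rcode"], entry["dns_name"])
    if entry["error_type"] == "urn:acme:error:connection":
        return "DNS resolved but the validation server could not reach the host; check firewall and vhost"
    return "see ACME error %s" % entry["error_type"]


def summarize(failures: List[Dict[str, Optional[str]]]) -> List[str]:
    """One line per failed domain, ready for a cron mail or a monitoring alert."""
    return ["%s (%s): %s" % (f["domain"], f["challenge"], triage(f)) for f in failures]


if __name__ == "__main__":
    for line in summarize(parse_failures(SAMPLE_OUTPUT)):
        print(line)
```

Run it against the saved output of `certbot renew --dry-run` (for example the file produced by redirecting stderr) to get a per-domain verdict; a SERVFAIL on the A lookup means the authoritative nameservers are failing, so no change to the VirtualHost or firewall will fix it.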
As this forum is used for learning, it's always appreciated if users provide feedback such as "yes, it was the DNS record, fixed it, now it's all working" so others can learn.
First off thank you for the help there, I’ve got in touch with the person who has access to the DNS and have asked them to fix the issues.
Secondly, @ahaw021, not sure how you think the issue is fixed, as the DNS report still says 2 errors and I retested the command and it's still not working for me.
I always send thanks to people who help me, but in this case it's still in progress.
@ahaw021 The problem is not getting a working cert, it's a test of the dry run of the certificate renewal process, as per the command I put in my original post:
certbot renew --dry-run
I realise it won't affect me for 3 or 4 months or however long the certificate lasts, but I'm looking to sort it now before it becomes urgent.
I've contacted the DNS provider with no response. Do you know if there is a workaround? For instance: how was the initial certificate able to be created but now there is a problem with the renewal?
Maybe the IPv6 address used to work, or the other DNS problems didn’t exist at that time?
If you’re not in danger of running into trouble with the rate limits, you can also force the real renewal to see if there is a difference between the staging server and production server (e.g. Certbot’s --force-renewal option).