DNS problem SERVFAIL looking up A for sub.domain.de

Interesting. Why does this fail for you, but not for me? :fearful:

I have several DNS servers on this same network.
Some can resolve it, some can’t; no matter how I try.

The fact that some queries work from some host or the other explains at least the inconsistency I have noticed in the beginning. That's the reason I am able to issue one or two domains from time to time…while the rest fails.

By the way, I managed to write a little script to check the response over time. And it started to fail for me as well. If this is the case, why would the DNS server start to drop? As mentioned by others in the beginning of this thread, this could be the result of rate limits. But why would the provider not tell me? This is just weird…

Thank you all for your help. I am really bad with this, but I guess the provider should jump in now. I will have to push him further…

Again, thank you a lot!

Or you could add more DNS servers to the mix...
I try to never use less than 6 (diff ISPs, diff TLDs, diff countries, IPv4 & IPv6).
Everything is "critical".
To me DNS is "critical" X "critical"

CRI
L T
ACI

A "critical" square - LOL

I have added a DNS cache with dnsmasq. And my provider suggested to use Google DNS instead. But still, certbot returns mostly the timeout exception. I don't know the certbot renewal protocol, but I guess this has nothing to do with the local DNS from my host. Or does it? I am lost…

Maybe Let's Encrypt has stopped using recursive DNS servers?!

Correct. The certificate issuing process does not rely on your server's DNS resolution facilities at all.

Let's Encrypt run their own recursive DNS servers (using Unbound). They perform all queries directly to authoritative DNS servers. It's those recursive DNS servers that are "timing out" for your domains.

1 Like
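
An added example, not part of the thread and not Let's Encrypt's code: a Python sketch that sends non-recursive A queries over UDP straight to a zone's authoritative servers, bypassing any local cache, and tallies NOERROR / SERVFAIL / TIMEOUT per server over several rounds so intermittent drops become visible. The server IPs at the bottom are documentation-range placeholders, and IPv4-only UDP is an assumption of the sketch.

```python
import random, socket, struct, time

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, qtype=1):
    """DNS query for `name` (qtype 1 = A) with RD=0, as sent to an authoritative server."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(part)]) + part.encode("ascii") for part in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_rcode(response, qid):
    """Return the RCODE name of a response, or MALFORMED if it does not match the query."""
    if len(response) < 12:
        return "MALFORMED"
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != qid or not flags & 0x8000:  # wrong ID or QR bit not set
        return "MALFORMED"
    return RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))

def probe(server_ip, name, timeout=2.0, port=53):
    """One UDP query to one server: returns an RCODE name, TIMEOUT or ERROR."""
    qid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qid), (server_ip, port))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "TIMEOUT"
        except OSError:
            return "ERROR"
    return parse_rcode(data, qid)

def monitor(server_ips, name, rounds=5, interval=1.0, **probe_args):
    """Probe every server `rounds` times; return {ip: {status: count}}."""
    tally = {ip: {} for ip in server_ips}
    for i in range(rounds):
        for ip in server_ips:
            status = probe(ip, name, **probe_args)
            tally[ip][status] = tally[ip].get(status, 0) + 1
        if i < rounds - 1:
            time.sleep(interval)
    return tally

if __name__ == "__main__":
    # Placeholder IPs (documentation range); substitute the zone's NS addresses.
    for ip, counts in monitor(["192.0.2.53", "198.51.100.53"], "sub.domain.de").items():
        print(ip, counts)
```

A server that answers from one vantage point but shows TIMEOUT from another, or only after a burst of queries, points at filtering or rate limiting in front of the authoritative server rather than at the zone data.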

You were totally right. I kept contact to the provider analysing the issues. Today he found out that there was DDOS protection active :frowning:

Now he has changed settings and it works again. All my certs are signed and my applications work again.

Thank you guys for work on the basis!

2 Likes
