Hello,
I am new to LE and my problem seems to be similar to other DNS validation problem.
However I cannot manage to find the problem. Here is the error message :
Failed authorization procedure. liris.lemni.top (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for liris.lemni.top
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: liris.lemni.top
Type: connection
Detail: DNS problem: SERVFAIL looking up A for liris.lemni.top
I also read that it could be linked to uppercase and lowercase letter but it does not seems to be a thing here :
dig LiRiS.lEmNi.top
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> LiRiS.lEmNi.top
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31983
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
;; QUESTION SECTION:
;LiRiS.lEmNi.top. IN A
;; ANSWER SECTION:
LiRiS.lEmNi.top. 1864 IN A 92.222.88.135
;; AUTHORITY SECTION:
lEmNi.top. 1864 IN NS dns16.ovh.net.
lEmNi.top. 1864 IN NS ns16.ovh.net.
;; ADDITIONAL SECTION:
ns16.ovh.net. 81652 IN A 213.251.128.135
ns16.ovh.net. 83416 IN AAAA 2001:41d0:1:1987::1
dns16.ovh.net. 81652 IN A 213.251.188.135
dns16.ovh.net. 40578 IN AAAA 2001:41d0:1:4a87::1
;; Query time: 11 msec
;; SERVER: 213.186.33.99#53(213.186.33.99)
;; WHEN: Mon Jun 13 16:41:28 2016
;; MSG SIZE rcvd: 183
I don’t really have any clue that can help me there…
if ns16.ovh.net and dns16.ovh.net are the authoritative nameservers (which it looks as if they should be) - they aren’t responding. If they don’t respond, then google (8.8.8.8) or anyone else that requests the IP address from the authoritative nameservers can’t get it … hence the failure.
Google public DNS resolves that host fine. And it does seem to work against the listed servers too. It looks like those might not be reachable from some places though.
As for case sensitivity, the names are case insensitive (see RFC). What you probably heard about case-sensitivity could be related to so-called “0x20 Bit encoding”. What it effectively does, it mixes the case of your name in the query and verifies that case is maintained in the response (to prevent spoofing to some extent). Nameservers you have listed maintain the case, so that should not cause the issues even if this technique is used.
I don’t manage the server ns16 and dns16 they are controlled by my serverhost. Is there anything I can do ?
I don’t really see why some places can reach it and somes places can’t…
If name servers are not reachable, it is normally because of (temporary) routing issues between where the query is sent from and those servers. It is rather unlikely for name servers of a large hoster to go down. Usually the issue gets resolved by itself.
However, if it becomes repeatedly unstable, then you can just switch the nameservers to a more reliable provider (they don’t have to be with your registrar or hoster). There are plenty of free DNS hosting providers - just google free dns hosting.
It seems weird that their servers don’t be efficient. I find a french man who maid a tutorial explaining how he configured LE on the same configuration with the same server hosting.
I will try to wait a bit, and if it’s necessary I will change my dns hosting.
I will mark this subject solved later, when I will be sure that it is only linked to that. Thank you for your help anyway.