A few days ago I made a physical change in one of my servers. The hardware was failing, so I changed the hard drive to another new server, configured the same IPs (public and private), and everything seemed fine, but the next day I noticed that the other servers no longer worked by domain, only with the public IP. I just tried to renew the certificate of one of those servers and it gave me a DNS error.
Challenge failed for domain nsba.telsurcallcenter.com
http-01 challenge for nsba.telsurcallcenter.com
Cleaning up challenges
Attempting to renew cert (nsba.telsurcallcenter.com) from /etc/letsencrypt/renewal/nsba.telsurcallcenter.com.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/nsba.telsurcallcenter.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/nsba.telsurcallcenter.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: nsba.telsurcallcenter.com
Type: dns
Detail: DNS problem: SERVFAIL looking up A for
nsba.telsurcallcenter.com - the domain's nameservers may be
malfunctioning; DNS problem: SERVFAIL looking up AAAA for
nsba.telsurcallcenter.com - the domain's nameservers may be
malfunctioning
My web server is (include version): Apache
The operating system my web server runs on is (include version): openSUSE Leap 15.1
My hosting provider, if applicable, is: myself
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.0.0
This really isn't related to Let's Encrypt, or to your web server. Your name servers are returning "SERVFAIL" for that name and nobody can get to your site. Let's Encrypt needs to connect to your site for the most common method of validating that you own it, so it's just reporting the problem it's having connecting.
When you ping nsba.telsurcallcenter.com from inside the Web server, do you get 127.0.0.1 (or any localhost IP)? If you get public, fix hosts file. If you get a private IP, such as the aforementioned one, fix the .conf files.
@Karely90 Did you do something to your DNS registrar since around March 31 this year? I saw you got a Let's Encrypt cert for your phone2 domain then. You last got a cert for nsba domain on Feb 22. So, all was well on those two dates.
I see the domain is pending transfer to a new registrar. Is that something you know about? Because that could be related to these problems.
Use the ICANN Lookup site and look up your apex name telsurcallcenter.com. Then look at the Domain Status and you will see what I mean.
We are working on a problem with the public DNS config. Let's Encrypt servers are not able to resolve the records they need. What problem are you trying to resolve by adjusting the client's hosts file?
Because the site doesn't even resolve nameservers, a lot more was done than what was explained above. Replacing a server does not misconfigure DNS at the registrar level.
My domain provider told me yesterday that they have started a process to change the mediatemple domain. Do you think that when this change is over, this problem will be resolved?
We can only hope. I have no special knowledge on what they plan to do.
But, yes, if you get the public DNS problem fixed you should be able to get certs again. I do not see anything wrong with your client's DNS lookup config. If that was broken your error would be much different. You resolved and connected to the Let's Encrypt server just fine. It just could not reach you back because of the public DNS problem (mediatemple).
Hello everyone. The day before yesterday I finished the transfer of the domain, the DNS was added and that's it; I was able to renew the certificate. Thank you all for your help.
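As an added example (not part of the thread and not Certbot's own code), this Python script parses the error report certbot printed in the first post, re-joins the wrapped Detail lines, and flags a dns-type failure as a public DNS problem rather than a web server one. The function names and the triage labels are assumptions made for illustration.

```python
import re

# Error report copied from the first post of the thread (wrapped Detail lines kept).
REPORT = """\
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: nsba.telsurcallcenter.com
Type: dns
Detail: DNS problem: SERVFAIL looking up A for
nsba.telsurcallcenter.com - the domain's nameservers may be
malfunctioning; DNS problem: SERVFAIL looking up AAAA for
nsba.telsurcallcenter.com - the domain's nameservers may be
malfunctioning
"""

FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")

def parse_report(text):
    """Return one dict per reported domain, re-joining wrapped Detail values."""
    errors, current, last = [], None, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip()
            if key == "domain":
                current = {"domain": value}
                errors.append(current)
            elif current is not None:
                current[key] = value
            last = key
        elif line.lstrip().startswith("-") or not line.strip():
            last = None  # a new note or a blank line ends any wrapped field
        elif current is not None and last == "detail":
            current["detail"] += " " + line.strip()
    return errors

def triage(err):
    """Name the layer to inspect first (labels are hypothetical)."""
    detail = err.get("detail", "")
    if err.get("type") == "dns":
        # A DNS-type failure means the CA never reached the web server at all.
        return {"layer": "public-dns",
                "rcodes": sorted(set(re.findall(r"\b(SERVFAIL|NXDOMAIN)\b", detail))),
                "rrtypes": sorted(set(re.findall(r"looking up (\w+) for", detail)))}
    return {"layer": "other", "rcodes": [], "rrtypes": []}

if __name__ == "__main__":
    for e in parse_report(REPORT):
        print(e["domain"], triage(e))
```

A `public-dns` result points at the delegation and the authoritative nameservers, which is where the replies in this thread ended up looking.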