DNS problem when attempting to generate a certificate?

jkachel · June 20, 2017, 5:38pm

Please fill out the fields below so we can help you better.

My domain is:
uam-flightdeck.com and www.uam-flightdeck.com
I ran this command:
letsencrypt certonly --webroot -w /var/www/uam-flightdeck.com/public -d www.uam-flightdeck.com
It produced this output:
DNS problem: query timed out looking up A for www.uam-
flightdeck.com
… but sometimes:
DNS problem: SERVFAIL looking up A for www.uam-
flightdeck.com
… and then also, now:
No valid IP addresses found for uam-flightdeck.com
My web server is (include version):
nginx version: nginx/1.10.0 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 16.04
My hosting provider, if applicable, is:
DigitalOcean
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

I have doublechecked these against the registry (GoDaddy, valid until 2018) and tested against Verizon and Google public DNS and these domains definitely exist. No DNS changes have been performed on this domain since it was set up some time ago. Seems like this might be an issue on the LE end of things? We’re using DigitalOcean to handle DNS for the domains in question. (FWIW, the www is a CNAME to the uam-flightdeck.com address. It has a handful of MX records and an A record but that’s it.)

cpu · June 20, 2017, 5:42pm

Hi @jkachel, sorry to hear you're having trouble!

Let's Encrypt checks against your authoritative DNS servers so typically using an external 3rd party recursive resolver like Google DNS isn't a representative test.

You're the second person today to report these problems with Digital Ocean's DNS servers (the other was here).

Given the above, & the way the error changes from a SERVFAIL to no responses makes me strongly believe this is an issue with Digital Ocean's DNS service. Have you contacted their support? That seems like the best next-step from my perspective.

jkachel · June 20, 2017, 6:00pm

Thanks - I’ve run this up the pole with them and will update when I have a response.

jkachel · June 20, 2017, 7:20pm

According to DigitalOcean support, they’re having intermittent DNS resolution issues at the moment. (FWIW, I tried it again not long ago and it worked well enough to renew my certs, so I’m good to go.)

cpu · June 20, 2017, 7:56pm

Great! Glad to hear you got your certificate. Hopefully their DNS issues will be resolved shortly. Thanks for following up!

system · July 20, 2017, 7:57pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.