DNS problem when requesting certificate via HTTP-01 challenge

I unable to request TLS certificates for my website, which appears to be a DNS problem at your end, details below:

My domain is: jubatv.net www.jubatv.net

I ran this command: certbot --register-unsafely-without-email certonly --webroot --webroot-path REDACTED -d jubatv.net -d www.jubatv.net

It produced this output:

Saving debug log to REDACTED
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jubatv.net
http-01 challenge for www.jubatv.net
Using the webroot path REDACTED for all unmatched domains.
Waiting for verification...
Challenge failed for domain jubatv.net
Challenge failed for domain www.jubatv.net
http-01 challenge for jubatv.net
http-01 challenge for www.jubatv.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: jubatv.net
   Type:   dns
   Detail: DNS problem: query timed out looking up A for jubatv.net

   Domain: www.jubatv.net
   Type:   dns
   Detail: DNS problem: query timed out looking up A for
   www.jubatv.net

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.39.0

Both domains are resolvable via Google Public DNS:

$ dig jubatv.net @8.8.8.8

; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> jubatv.net @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12835
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;jubatv.net.                    IN      A

;; ANSWER SECTION:
jubatv.net.             599     IN      A       112.121.182.12

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 31 18:24:19 CST 2019
;; MSG SIZE  rcvd: 55

$ dig www.jubatv.net @8.8.8.8

; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> www.jubatv.net @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40097
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.jubatv.net.                        IN      A

;; ANSWER SECTION:
www.jubatv.net.         599     IN      A       112.121.182.12

;; Query time: 29 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 31 18:24:26 CST 2019
;; MSG SIZE  rcvd: 59

Hi @Lin-Buo-Ren

your name servers are terrible - https://check-your-website.server-daten.de/?q=jubatv.net

There are timeouts checking EDNS, checked manual

nslookup jubatv.net. ns2.dns.com.

has a timeout. Same checked with Unboundtest

https://unboundtest.com/m/A/jubatv.net/BMBAOGRS

i/o timeout

Letsencrypt uses an Unbound instance with the same configuration, so that's critical.

Thanks for your timely response. I’ll check it out.

You can review your DNS performance and more at: https://dnsspy.io/scan/jubatv.net

image.png961×337 17.1 KB

image.png959×325 16.8 KB

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.