DNS problem when requesting certificate via HTTP-01 challenge

I am unable to request TLS certificates for my website, which appears to be a DNS problem at your end, details below:

My domain is: jubatv.net www.jubatv.net

I ran this command: certbot --register-unsafely-without-email certonly --webroot --webroot-path REDACTED -d jubatv.net -d www.jubatv.net

It produced this output:

Saving debug log to REDACTED
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jubatv.net
http-01 challenge for www.jubatv.net
Using the webroot path REDACTED for all unmatched domains.
Waiting for verification...
Challenge failed for domain jubatv.net
Challenge failed for domain www.jubatv.net
http-01 challenge for jubatv.net
http-01 challenge for www.jubatv.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: jubatv.net
   Type:   dns
   Detail: DNS problem: query timed out looking up A for jubatv.net

   Domain: www.jubatv.net
   Type:   dns
   Detail: DNS problem: query timed out looking up A for
   www.jubatv.net

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.39.0

Both domains are resolvable via Google Public DNS:

$ dig jubatv.net @8.8.8.8

; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> jubatv.net @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12835
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;jubatv.net.                    IN      A

;; ANSWER SECTION:
jubatv.net.             599     IN      A       112.121.182.12

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 31 18:24:19 CST 2019
;; MSG SIZE  rcvd: 55

$ dig www.jubatv.net @8.8.8.8

; <<>> DiG 9.11.3-1ubuntu1.9-Ubuntu <<>> www.jubatv.net @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40097
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.jubatv.net.                        IN      A

;; ANSWER SECTION:
www.jubatv.net.         599     IN      A       112.121.182.12

;; Query time: 29 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 31 18:24:26 CST 2019
;; MSG SIZE  rcvd: 59

Hi @Lin-Buo-Ren

your name servers are terrible - https://check-your-website.server-daten.de/?q=jubatv.net

There are timeouts checking EDNS, checked manually:

nslookup jubatv.net. ns2.dns.com.

has a timeout. Same checked with Unboundtest

https://unboundtest.com/m/A/jubatv.net/BMBAOGRS

i/o timeout

Let’s Encrypt uses an Unbound instance with the same configuration, so that’s critical.

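The manual check in the reply above, as an added example that is not part of the original posts: it asks each authoritative name server directly, with and without EDNS, instead of a public recursive resolver such as 8.8.8.8, which can answer from its cache. `classify_dig` and `check_zone` are hypothetical helper names, and the sample dig output is constructed.

```shell
#!/usr/bin/env bash
# Added example: classify what each authoritative name server returns when it
# is queried directly, as a validating resolver has to reach it.

# classify_dig: read dig output on stdin and print one word:
#   timeout | answer | empty | unknown | <rcode in lower case>
classify_dig() {
    local out status answers
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z0-9]*\),.*/\1/p' | head -n1)
    if [ -z "$status" ]; then
        # No response header at all: dig prints one of these when nothing came back.
        if printf '%s\n' "$out" | grep -Eq 'timed out|no servers could be reached'; then
            echo timeout
        else
            echo unknown
        fi
        return 0
    fi
    answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n1)
    if [ "$status" = "NOERROR" ]; then
        if [ "${answers:-0}" -gt 0 ]; then echo answer; else echo empty; fi
    else
        printf '%s\n' "$status" | tr '[:upper:]' '[:lower:]'
    fi
}

# check_zone NAME [ZONE]: query every NS of ZONE for NAME's A record,
# once with EDNS and once without, and print one result line per query.
check_zone() {
    local name="$1" zone="${2:-$1}" ns mode
    for ns in $(dig +short NS "$zone"); do
        for mode in +edns=0 +noedns; do
            printf '%-28s %-8s %s\n' "$ns" "$mode" \
                "$(dig +norecurse +time=3 +tries=1 "$mode" A "$name" "@$ns" 2>&1 | classify_dig)"
        done
    done
}

# Constructed sample of dig's output when a server never replies.
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

# Live queries run only when a name is given, e.g.: ./check.sh www.example.org example.org
if [ "$#" -gt 0 ]; then check_zone "$@"; fi
```

A name server that shows `timeout` in either mode here is one the certificate authority's resolver may also fail to reach, even while cached answers from public resolvers look healthy.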

Thanks for your timely response. I’ll check it out.

You can review your DNS performance and more at: https://dnsspy.io/scan/jubatv.net


And where your problem really is at: https://dnsspy.io/scan/dns.com

