Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: ws1.jotelulu.space
I ran this command: certbot certonly --manual --preferred-challenges http --debug-challenges -d ws1.jotelulu.space --test-cert --agree-tos -m ingenieria@jotelulu.com
It produced this output:
Failed authorization procedure. ws1.jotelulu.space (http-01): urn:ietf:params:acme:error:dns :: DNS problem: query timed out looking up A for ws1.jotelulu.space; DNS problem: query timed out looking up AAAA for ws1.jotelulu.space
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: ws1.jotelulu.space
Type: None
Detail: DNS problem: query timed out looking up A for
ws1.jotelulu.space; DNS problem: query timed out looking up AAAA
for ws1.jotelulu.space
My web server is (include version): I just wrote a nodejs web server that responds with the correct answer; it only runs on test.
The operating system my web server runs on is (include version): Debian 10
My hosting provider, if applicable, is: My own host
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0
Domain: ws1.jotelulu.space
Type: None
Detail: DNS problem: SERVFAIL looking up A for ws1.jotelulu.space -
the domain's nameservers may be malfunctioning; DNS problem:
SERVFAIL looking up AAAA for ws1.jotelulu.space - the domain's
nameservers may be malfunctioning
But from my computer it resolves OK:
; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> ws1.jotelulu.space @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36136
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ws1.jotelulu.space. IN A
;; ANSWER SECTION:
ws1.jotelulu.space. 300 IN A 185.31.21.249
;; Query time: 38 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: mar ago 29 09:06:20 CEST 2023
;; MSG SIZE rcvd: 63
I also see correct responses for your A and AAAA records.
Let's Encrypt walks the DNS tree and does not use resolvers like 8.8.8.8. A better way to check DNS is using unboundtest.com, which uses a method very much like Let's Encrypt. unboundtest, though, also shows good results.
A better quick dig check is dig A ws1.jotelulu.space @nstest.jotelulu.com
A cert request will cause a lot of DNS requests, not just one at a time. Do your name servers handle a burst of queries properly?
jotelulu.space. 3600 IN NS nstest.jotelulu.com.
jotelulu.space. 3600 IN NS nstest2.jotelulu.com.
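The burst check suggested in the reply above, as an added example that is not part of the original thread: it sends concurrent non-recursive A and AAAA queries straight to each authoritative name server listed in the thread and tallies the outcomes, so intermittent timeouts or SERVFAILs that a single dig misses become visible. The function names and the burst size of 10 rounds are assumptions, and this only approximates what Let's Encrypt's resolver does.

```python
# Added example: helper names and the burst size are illustrative choices.
import random
import socket
import struct
from collections import Counter
from concurrent.futures import ThreadPoolExecutor

QTYPES = {"A": 1, "AAAA": 28}  # the two lookups named in the error
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype, qid):
    """Encode one query with RD=0, as sent straight to an authoritative server."""
    header = struct.pack(">HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack(">HH", QTYPES[qtype], 1)  # class IN

def classify(reply, qid):
    """Label one reply; None stands for a query that got no answer in time."""
    if reply is None:
        return "TIMEOUT"
    if len(reply) < 12:
        return "MALFORMED"
    rid, flags = struct.unpack(">HH", reply[:4])
    if rid != qid or not flags & 0x8000:  # wrong ID or QR bit not set
        return "MALFORMED"
    if flags & 0x0200:  # TC bit: answer did not fit in UDP
        return "TRUNCATED"
    return RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))

def ask(server, name, qtype, timeout=2.0):
    qid = random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qtype, qid), (server, 53))
            return classify(sock.recv(4096), qid)
        except socket.timeout:
            return classify(None, qid)

def burst(server, name, rounds=10):
    """Fire rounds x (A, AAAA) at one server concurrently and tally outcomes."""
    jobs = [qt for _ in range(rounds) for qt in QTYPES]
    with ThreadPoolExecutor(max_workers=len(jobs)) as pool:
        return Counter(pool.map(lambda qt: ask(server, name, qt), jobs))

if __name__ == "__main__":
    for ns in ("nstest.jotelulu.com", "nstest2.jotelulu.com"):
        print(ns, dict(burst(ns, "ws1.jotelulu.space")))
```

Anything other than 20 NOERROR results per server points at the name server or the network path in front of it rather than at certbot.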