DNS query time out

The domain I registered is: pre.m.nubia.com
but I have a problem: DNS problem: query timed out looking up CAA for m.nubia.com
The details are below:

https://acme-v02.api.letsencrypt.org/acme/challenge/dAQaHGGbCVvVCqwwp2I3Q_RjQFvCO7o95ks4hxhYM3s/4576652527

Domain “pre.m.nubia.com” challenge3 failed. Response from “https://acme-v02.api.letsencrypt.org/acme/challenge/dAQaHGGbCVvVCqwwp2I3Q_RjQFvCO7o95ks4hxhYM3s/4576652527” was:

Error: DNS problem: query timed out looking up CAA for m.nubia.com

Full Error:

```json
{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "DNS problem: query timed out looking up CAA for m.nubia.com",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/dAQaHGGbCVvVCqwwp2I3Q_RjQFvCO7o95ks4hxhYM3s/4576652527",
  "token": "d1CdlHR3XALC-Z51rjTDBAACAak3iCEk1aU8Yd2l9LU",
  "validationRecord": [
    {
      "url": "http://pre.m.nubia.com/.well-known/acme-challenge/d1CdlHR3XALC-Z51rjTDBAACAak3iCEk1aU8Yd2l9LU",
      "hostname": "pre.m.nubia.com",
      "port": "80",
      "addressesResolved": [ "121.43.197.129" ],
      "addressUsed": "121.43.197.129"
    }
  ]
}
```

m.nubia.com contains a CNAME record to 0nu30m93n2598jm3.gfvip07as.com, and it is the DNS server for gfvip07as.com that is timing out when requesting a CAA record:

https://unboundtest.com/m/CAA/m.nubia.com/TIESF2WI

You should contact the administrators of gfvip07as.com and ask them to fix their DNS. They don’t have to actually support CAA records, but they do need to properly respond and say the records don’t exist rather than failing to respond altogether.

While you’re waiting on them to respond, there are a couple of workarounds you can consider:

  1. If the DNS for nubia.com does support CAA records, create one for pre.m.nubia.com that allows Let’s Encrypt to issue. If a CAA record for pre.m.nubia.com exists, LE won’t bother checking m.nubia.com and you should be able to issue.

  2. If you’re allowed to use an A record to point m.nubia.com directly to the IP address for 0nu30m93n2598jm3.gfvip07as.com instead of using a CNAME record (perhaps even temporarily while they look into the DNS issues), the bad DNS servers for gfvip07as.com wouldn’t be consulted any longer and you should be able to issue.

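Why a timeout one label above the requested name blocks issuance, and why both workarounds avoid it, shown as an added example that is not part of the original reply and is not Let's Encrypt's code. It is a simplified model of the CAA lookup climbing from the requested name toward the root; the zone dictionaries, the function names and the 192.0.2.10 address are constructed for illustration.

```python
# Added illustration: a simplified model of CAA tree climbing, not CA code.
class LookupFailure(Exception):
    """The resolver could not produce an answer for a name."""

TIMEOUT = object()  # constructed marker: authoritative server never answers
TARGET = "0nu30m93n2598jm3.gfvip07as.com"

def query_caa(zone, name):
    """One CAA query as a resolver sees it: CNAMEs are followed first."""
    seen = set()
    while True:
        rec = zone.get(name, {})
        if rec is TIMEOUT:
            raise LookupFailure("query timed out")
        if "CNAME" not in rec:
            return rec.get("CAA", [])  # [] models a proper "no records" reply
        if name in seen:
            raise LookupFailure("CNAME loop")
        seen.add(name)
        name = rec["CNAME"]

def check_issuance(zone, fqdn, ca="letsencrypt.org"):
    """Climb from fqdn toward the root; the first non-empty CAA set decides."""
    labels = fqdn.split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        try:
            rrset = query_caa(zone, name)
        except LookupFailure as exc:
            # A failed lookup is not the same as "no CAA": issuance stops.
            return (False, f"{exc} looking up CAA for {name}")
        if rrset:
            ok = any(tag == "issue" and value == ca for tag, value in rrset)
            return (ok, f"CAA found at {name}")
    return (True, "no CAA records anywhere in the tree")

# Constructed zone data for the three situations discussed in the thread.
broken = {"pre.m.nubia.com": {}, "m.nubia.com": {"CNAME": TARGET}, TARGET: TIMEOUT}
# Workaround 1: a CAA record on the exact name stops the climb early.
workaround_1 = {**broken, "pre.m.nubia.com": {"CAA": [("issue", "letsencrypt.org")]}}
# Workaround 2: an A record (192.0.2.10 is a placeholder) replaces the CNAME.
workaround_2 = {**broken, "m.nubia.com": {"A": "192.0.2.10"}}

if __name__ == "__main__":
    for label, zone in [("broken", broken), ("workaround 1", workaround_1),
                        ("workaround 2", workaround_2)]:
        print(label, check_issuance(zone, "pre.m.nubia.com"))
```

The model only compares the `issue` tag value and ignores `issuewild` and CAA parameters.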
