DNS resolv not working with duckdns.org domain

This server used to work fine but I can't renew the cert after November 16.

My domain is: fp-jf.duckdns.org

I ran this command:
certbot --manual --debug-challenges -v certonly -d fp-jf.duckdns.org --issuance-timeout 300

It produced this output (letsencrypt.log):

2025-11-18 18:16:02,885:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 18 Nov 2025 15:16:02 GMT
Content-Type: application/json
Content-Length: 756
Connection: keep-alive
Boulder-Requester: 97288864
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: DwVuWxTKr20aWkTSGDjdt7VU5OoZvmTD1TQYE7F84JlSoyG_cyI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "fp-jf.duckdns.org"
  },
  "status": "invalid",
  "expires": "2025-11-25T15:14:31Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/97288864/614791535446/wXBkaQ",
      "status": "invalid",
      "validated": "2025-11-18T15:15:41Z",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: SERVFAIL looking up A for fp-jf.duckdns.org - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for fp-jf.duckdns.org - the domain's nameservers may be malfunctioning",
        "status": 400
      },
      "token": "08glRSeqeGHt2ujRGIgptvThi1fk0v_R3sLT7Iq8MQ4"
    }
  ]
}

My web server is (include version):
Apache/2.4.52 (Ubuntu) OpenSSL/3.0.2
The operating system my web server runs on is (include version):
Ubuntu 22.04.5 LTS
My hosting provider, if applicable, is:
n/a
I can login to a root shell on my machine (yes or no, or I don't know):
yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 5.1.0

In manual mode I can get the ACME challenge from the server with an external VPS client:
root@holistic-tooth:~# curl -s http://fp-jf.duckdns.org/.well-known/acme-challenge/08glRSeqeGHt2ujRGIgptvThi1fk0v_R3sLT7Iq8MQ4
08glRSeqeGHt2ujRGIgptvThi1fk0v_R3sLT7Iq8MQ4.3UHLu4jSdmaG7GDPjMFOp-f0Or29BVCe2p4vHjUyoAU

The DuckDNS servers look to be down

Let's Encrypt's servers cannot get the needed info from their DNS Servers. They are getting SERVFAIL errors instead.

It is not unique to LE. Google's DNS tool here shows the same error: Query: fp-jf.duckdns.org - Google Public DNS

As does DNSViz: fp-jf.duckdns.org | DNSViz
See its Errors and Warnings

You should contact DuckDNS or just wait and retry later. We regularly see people here with similar problems.

Yes. All 9 name servers give timeouts resolving A/AAAA records. I was confused by the fact that the server is still accessible. But that is probably not good enough for LE.
Thank you.
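Added example, not part of the original thread or of Certbot: a small triage function that reads the authorization object from letsencrypt.log and reports which layer failed, so a DNS-side failure like the SERVFAIL above is not mistaken for a web server problem. The function name, the field names of the returned findings and the regular expression for the detail text are assumptions based only on the log excerpt in this thread.

```python
import json
import re

# Authorization object from the letsencrypt.log excerpt above, trimmed to the fields used.
AUTHZ_JSON = """
{
  "identifier": {"type": "dns", "value": "fp-jf.duckdns.org"},
  "status": "invalid",
  "challenges": [{
    "type": "http-01",
    "status": "invalid",
    "error": {
      "type": "urn:ietf:params:acme:error:dns",
      "detail": "DNS problem: SERVFAIL looking up A for fp-jf.duckdns.org - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for fp-jf.duckdns.org - the domain's nameservers may be malfunctioning",
      "status": 400
    }
  }]
}
"""

ACME_ERR_PREFIX = "urn:ietf:params:acme:error:"
# Assumption: the detail wording matches the log above ("<RCODE> looking up <TYPE> for <name>").
DNS_DETAIL = re.compile(r"DNS problem: (\w+) looking up (\w+) for (\S+)")


def triage_authorization(authz_json):
    """Return one finding per failed challenge in an ACME authorization object."""
    authz = json.loads(authz_json)
    findings = []
    for chall in authz.get("challenges", []):
        err = chall.get("error")
        if chall.get("status") != "invalid" or not err:
            continue  # pending or valid challenges carry nothing to triage
        kind = err.get("type", "").removeprefix(ACME_ERR_PREFIX)
        findings.append({
            "identifier": authz["identifier"]["value"],
            "challenge": chall["type"],
            "error": kind,
            # Which lookups failed at the CA's resolver, and with which response code.
            "lookups": [{"rcode": r, "rrtype": t, "name": n}
                        for r, t, n in DNS_DETAIL.findall(err.get("detail", ""))],
            # "dns": the CA could not resolve the name, so it made no HTTP request.
            "layer": "dns" if kind == "dns" else "other",
        })
    return findings


if __name__ == "__main__":
    for finding in triage_authorization(AUTHZ_JSON):
        print(finding)
```

A finding with layer "dns" points at the domain's nameservers rather than at Apache; a successful curl from one client only shows that that client's resolver still had an answer.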