DNS resolver issues?


#1

It’s the first time I have to renew my certificates and now I am experiencing domain verification issues.

I have one certificate which has several SANs, but right now verification fails again and again. Sometimes for the first SAN, sometimes for the second or any other domain with the message: ‘DNS problem: query timed out looking up A for braunlager-bikepark.de’. I tried to debug and tried to resolve these domains from different places of the earth (using servers I have access to or DNS resolving websites), but found no problems.

Some of the SANs are:
harzer-bikeparx.de
www.harzer-mountainbike-betten.de
www.family-harz.de
braunlager-bikepark.de


#2

I confirm that I have the same problem.

FailedChallenges: Failed authorization procedure. XXXXXXXXXXXXXXXXXXXXXX (tls-sni-01): urn:acme:error:connection ::
The server could not connect to the client to verify the domain ::
DNS problem: query timed out looking up A for XXXXXXXXXXXXXXXXXXXXXX

Failed authorization procedure. XXXXXXXXXXXXXXXXXXXXXX (tls-sni-01): urn:acme:error:connection ::
The server could not connect to the client to verify the domain ::
DNS problem: query timed out looking up A for XXXXXXXXXXXXXXXXXXXXXX


#3

Same here: DNS problem: query timed out looking up A for www.XXXXXXX.com
Everything resolves fine for me, but not so much on the other end of the process.


#4

Seems to be some maintenance going on:
https://letsencrypt.status.io/

Scroll down to the bottom. Says only 1 hr but maybe it’s still happening.


#5

Odd. My domains weren’t going to expire until the 14th, then I suddenly get this email:

Your certificate (or certificates) for the names listed below will expire in 0 days (on 09 Feb 16 18:30 +0000)

Hence the panic, when I try to renew them before tomorrow and I can’t because of Maintenance and then get DNS errors when trying to scramble to renew them.

It’s not really confidence building. I’m guessing they might have accidentally DOS-ed themselves with those emails? Some kind of glitch that moved soon-to-expire domains to expire the next day (or a false warning)?


#6

I gave it the afternoon off and just came back to it. I was just able to get a cert with 100 domains. When I saw the DNS issue I was lucky to make it 5 domains into the list before it died.

Thanks to someone, somewhere for fixing something!


#7

Sorry for the issues. We deployed a change to our DNS configuration to mitigate timeouts people have been seeing with NetRegistry. Unfortunately, this caused a significant increase in timeouts for other registrars, and we rolled it back. Things should be back to normal. Please let us know if you see further problems of this sort.


#8

Question: was the roll-back client side or (your) server side? I ask because I use the hosting control panel LiveConfig, where I see a similar status message: “DNS problem: query timed out looking up A for…”


#9

It was a server side issue. If you’re getting DNS timeouts today, they have some other cause. Maybe start a new thread and post your domain name?