Domain challenge3 failed SERVFAIL looking up A

Domain "bash.ws" challenge3 failed. Response from "https://acme-v02.api.letsencrypt.org/acme/challenge/xbtn1ra0FhAKzNndEiRzfOsJfIKZD5d3jC6sdDvWIek/5516228941" was:

Error: DNS problem: SERVFAIL looking up A for bash.ws

Full Error: { "type": "http-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:dns", "detail": "DNS problem: SERVFAIL looking up A for bash.ws", "status": 400 }, "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/xbtn1ra0FhAKzNndEiRzfOsJfIKZD5d3jC6sdDvWIek/5516228941", "token": "Xp50xynapZo9aflSuowr-I84Vz3sBDEYAXLjoZtlPAc", "validationRecord": [ { "url": "http://bash.ws/.well-known/acme-challenge/Xp50xynapZo9aflSuowr-I84Vz3sBDEYAXLjoZtlPAc", "hostname": "bash.ws", "port": "80" } ] }


The question is: why did DNS fail?

I ran the dig command and got the following result:

dig +trace bash.ws

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> +trace bash.ws
;; global options: +cmd
. 205585 IN NS a.root-servers.net.
. 205585 IN NS b.root-servers.net.
. 205585 IN NS c.root-servers.net.
. 205585 IN NS d.root-servers.net.
. 205585 IN NS e.root-servers.net.
. 205585 IN NS f.root-servers.net.
. 205585 IN NS g.root-servers.net.
. 205585 IN NS h.root-servers.net.
. 205585 IN NS i.root-servers.net.
. 205585 IN NS j.root-servers.net.
. 205585 IN NS k.root-servers.net.
. 205585 IN NS l.root-servers.net.
. 205585 IN NS m.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 95 ms

ws. 172800 IN NS ns7.dns.ws.
ws. 172800 IN NS ns4.dns.ws.
ws. 172800 IN NS ns5.dns.ws.
ws. 172800 IN NS ns6.dns.ws.
ws. 172800 IN NS ns2.dns.ws.
ws. 172800 IN NS ns3.dns.ws.
;; Received 233 bytes from 192.33.4.12#53(192.33.4.12) in 175 ms

bash.ws. 21600 IN NS ns1.bash.ws.
bash.ws. 21600 IN NS ns2.bash.ws.
;; Received 93 bytes from 64.70.19.80#53(64.70.19.80) in 330 ms

bash.ws. 1000 IN A 94.130.181.15
;; Received 41 bytes from 94.130.181.15#53(94.130.181.15) in 4 ms

It seems to me that there aren’t any errors here.

Hi @tutum

Checking bash.ws with nslookup: Server failed, no IP number reported. Same with ping.

Oh - now bash.ws works.

Edit: Perhaps it was only a cache problem.

Edit 2: Now there is a new Letsencrypt - certificate and a redirect http -> https :wink:

I found out why it was happening. Because of this Let’s Encrypt “feature”:

Let’s Encrypt makes DNS queries with random capitalization for security purposes.

In my case “dig” had succeeded when the requested domain was in lowercase (bash.ws). I have corrected the name server config and it now handles any combination of lowercase and uppercase characters (bAsh.ws, Bash.ws …)

Regards.
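
One way to reproduce this kind of failure directly against the domain's own name server, as an added example that is not part of the original posts: it sends several A queries with randomly mixed letter case and reports any that do not come back NOERROR. The function names (mix_case, rcode_of, probe) are hypothetical, dig is assumed to be installed, and only the response status is checked.

```shell
#!/bin/sh
# Added example: probe an authoritative server with mixed-case query names.

# mix_case NAME SEED: print NAME with each letter's case chosen at random.
mix_case() {
  awk -v s="$1" -v seed="$2" 'BEGIN {
    srand(seed)
    for (i = 1; i <= length(s); i++) {
      c = substr(s, i, 1)
      out = out (rand() < 0.5 ? toupper(c) : tolower(c))
    }
    print out
  }'
}

# rcode_of: read dig output on stdin, print the header status
# (NOERROR, SERVFAIL, REFUSED, ...). Prints nothing if there was no reply.
rcode_of() {
  sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# probe SERVER NAME [ROUNDS]: ask SERVER itself (no recursion) for NAME's
# A record under ROUNDS different capitalizations; non-zero exit on any failure.
probe() {
  server=$1 name=$2 rounds=${3:-10} fails=0 i=0
  while [ "$i" -lt "$rounds" ]; do
    i=$((i + 1))
    q=$(mix_case "$name" "$$$i")
    rc=$(dig +norecurse +tries=1 +time=3 "@$server" "$q" A 2>/dev/null | rcode_of)
    if [ "$rc" != NOERROR ]; then
      fails=$((fails + 1))
      echo "FAIL $q -> ${rc:-no response}"
    fi
  done
  echo "$fails of $rounds mixed-case queries failed"
  [ "$fails" -eq 0 ]
}

# Usage: sh probe.sh ns1.bash.ws bash.ws
if [ "$#" -ge 2 ]; then probe "$@"; fi
```

A plain lowercase `dig +trace` can succeed while this probe fails, which is the situation described in the post above.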

This feature seems to be neither new nor Let’s Encrypt specific, and could (in theory) even be totally unrelated to Let’s Encrypt. See, for example, https://serverfault.com/a/752295

Thanks for pointing that out. It would be more useful if the error details were something like “DNS query with random capitalization failed.” not just “DNS problem looking up A record”. I could have spent much more time on fixing it, but found an old topic with a similar problem. I must say I already tried to install certbot and got a lot of errors in apache (it didn’t start at all). Tried to use sslforfree.com without any luck. That was a nightmare. Finally https://bash.ws works. Thanks.
