During secondary validation: DNS problem: query timed out looking up A

I’m having the same issue.

https://letsdebug.net/ says this is likely tied to the planned maintenance window that is currently in place.

Hi @MBurchard

is the key.

Read

So the primary Let’s Encrypt server is able to find your A-record. Some of the secondary servers are blocked.

Firewall, .htaccess, fail2ban or something else that blocks.

PS:

No, that’s not that error.

1 Like

Thank you for explanation, but I have not blocked anything.
There is no firewall, no fail2ban and no .htaccess at all…
It’s just a very fresh Ubuntu 20.04 installation.

Before, check the forum: more users are having the same issue.

Yup. Seems to be happening all of a sudden to a lot of people, myself included.

Please read the error. It’s not possible to find an A-record.

So your DNS server may have a firewall, not your local webserver.

1 Like

The problem was fixed for me right now

I am having the same issue. I use LetsEncrypt constantly. Just used it yesterday, but now all of a sudden I’m getting this error. No firewall.

Before telling someone they’re wrong, perhaps you should test yourself? The OP was getting the exact error I was. I pursued it through LetsDebug and it came up with the Planned Maintenance message. The Planned Maintenance has ended, and suddenly everything is working again for me.

So, as much as you’re sure of yourself, this time, my friend, YOU are the incorrect one.

Fixed for me now as well!

Was having the same problem for the last hour.

Many other people were too.

It’s working now, thankfully.

@JuergenAuer Everyone appreciates your support. However, please don’t always respond with the canned responses when it’s clear strange things are afoot at the Circle-K.

Status page updated to reflect problem (was not posted earlier when forum questions started coming in).

https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/5eab162e65b1d004bffe38a1

Hi all,

April 30, 2020 18:17 UTC

[Monitoring] We observed elevated validation failures, which affected certificate issuance, from approximately 16:00-18:05 UTC. We believe we’ve resolved the underlying issue, and are continuing to investigate and monitor.

From: https://letsencrypt.status.io/

Please let us know if it is resolving for you now!

Best,
JP

2 Likes

It works again… Thank you…

1 Like

We have had the problem since this morning…

cause 1: secondary error
During secondary validation: DNS problem: query timed out looking up TXT
During secondary validation: DNS problem: query timed out looking up CAA

cause 2: now also on the primary lookup

We didn’t change anything, and I did a dig from the internet; the CAA/TXT entries are valid and available.

I have had the same problem since yesterday:

I also get the “DNS problem: query timed out looking up TXT for _acme-challenge.aaaaaa.niyawe.de” error.

My hosting provider is also Hetzner.

Interestingly, I can see that the nameserver answers correctly (see acme-challenge.pcapng (108.2 KB)).

1 Like

Let’s Encrypt uses the Amazon Cloud (AWS) for secondary validation. If you mass block AWS IPs in your firewall for some reason (there’s a long list of good reasons) then unblock all AWS IPs to test if this is your problem.

I’m not blocking any IPs. The thing is that I did not change anything between the last successful renewal a few days ago and the first failure yesterday.

Hi @niyawe, welcome to the community!

We rolled out a config change last week that caused some errors similar to this one. We’ve rolled back that change now.

1 Like
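
Added example, not part of the thread and not Let’s Encrypt or ACME client code: a small triage helper that parses the error details quoted in this thread and separates timeouts reported "During secondary validation" from those hit on the primary lookup, per record type. The log lines are constructed from the error strings above, and the function names and `example.org` hostnames are assumptions.

```python
import re
from collections import Counter

# Detail format as quoted in this thread:
#   [During secondary validation: ]DNS problem: query timed out
#   looking up <TYPE>[ for <name>]
DETAIL_RE = re.compile(
    r"(?P<secondary>During secondary validation: )?"
    r"DNS problem: query timed out looking up (?P<rtype>[A-Z]+)"
    r"(?: for (?P<name>[A-Za-z0-9_.-]+))?"
)

def parse_detail(line):
    """Return stage, record type and name for one timeout detail, else None."""
    m = DETAIL_RE.search(line)
    if m is None:
        return None
    return {
        "stage": "secondary" if m.group("secondary") else "primary",
        "rtype": m.group("rtype"),
        # The name is optional in the detail; drop a sentence-ending dot.
        "name": (m.group("name") or "").rstrip(".") or None,
    }

def triage(lines):
    """Count timeouts per (stage, record type) and summarise where they occur."""
    hits = [h for h in map(parse_detail, lines) if h]
    stages = {h["stage"] for h in hits}
    if not stages:
        verdict = "no-dns-timeout"
    elif len(stages) == 2:
        verdict = "primary-and-secondary"
    else:
        # secondary-only: the primary lookup succeeded and only the
        # remote validation perspectives timed out.
        verdict = stages.pop() + "-only"
    return {
        "verdict": verdict,
        "counts": Counter((h["stage"], h["rtype"]) for h in hits),
        "names": sorted({h["name"] for h in hits if h["name"]}),
    }

# Constructed sample client log lines (hostnames are placeholders).
SAMPLE_LOG = [
    "Detail: During secondary validation: DNS problem: query timed out looking up A for www.example.org",
    "Detail: During secondary validation: DNS problem: query timed out looking up CAA for example.org",
    "Detail: DNS problem: query timed out looking up TXT for _acme-challenge.example.org",
    "Challenge succeeded for other.example.org",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `secondary-only` verdict across many unrelated domains at the same time, as in this thread, points at the CA side or at a filter in front of the authoritative nameservers rather than at the web server.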
