During secondary validation: DNS problem: SERVFAIL looking up A

My domain is:
test1.teide.cz

I ran this command:
certbot certonly --standalone -d test1.teide.cz --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-staging-v02.api.letsencrypt.org/directory


(A)gree/(C)ancel: a
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for test1.teide.cz
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. test1.teide.cz (http-01): urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem: SERVFAIL looking up A for test1.teide.cz - the domain’s nameservers may be malfunctioning

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: test1.teide.cz
    Type: None
    Detail: During secondary validation: DNS problem: SERVFAIL looking
    up A for test1.teide.cz - the domain’s nameservers may be
    malfunctioning

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

My web server is (include version):
Certbot standalone 0.31.0

The operating system my web server runs on is (include version):
Debian buster

My hosting provider, if applicable, is:
The DNS is provided by a small Czech webhosting company called web4ce.cz. Webserver runs on a different provider but the problem seems to be with DNS.

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

It seems as if the DNS server does not answer DNS queries from some LE locations but I cannot investigate this properly because the DNS server is managed by the hosting provider. I tried querying it using public recursive resolvers and it seems to work:

$ dig test1.teide.cz @8.8.8.8

; <<>> DiG 9.16.1 <<>> test1.teide.cz @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52182
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;test1.teide.cz. IN A

;; ANSWER SECTION:
test1.teide.cz. 7199 IN A 37.205.8.125

;; Query time: 30 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 19 15:05:21 CEST 2020
;; MSG SIZE rcvd: 59

$ dig test1.teide.cz @1.1.1.1

; <<>> DiG 9.16.1 <<>> test1.teide.cz @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4545
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;test1.teide.cz. IN A

;; ANSWER SECTION:
test1.teide.cz. 6302 IN A 37.205.8.125

;; Query time: 10 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Apr 19 15:05:29 CEST 2020
;; MSG SIZE rcvd: 73

Can you confirm this issue is caused by the DNS server, or provide any details? I could then confront the DNS provider.

I can’t reproduce it from my end. Neither does it give any error at UnboundTest, a test site which uses the same DNS resolver as the Let’s Encrypt validation servers.

However, I noticed the error specifically says “during secondary validation” and I’m not sure if those secondary locations have the exact DNS resolvers as the primary validation locations.
