Error: DNS problem: query timed out looking up A for www.osprey.mx

We are having issues obtaining a cert and I’ve repeatedly encountered the error: Failed authorization procedure. www.osprey.mx (http-01): urn:acme:error:dns :: DNS problem: query timed out looking up A for www.osprey.mx

We have previously been able to issue a cert, but now we’re unable to.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.osprey.mx

I ran this command: certbot --email <MY_EMAIL> --domain www.osprey.mx --non-interactive --config-dir <MY_CONFIG_DIR> --agree-tos --manual --preferred-challenges http --manual-public-ip-logging-ok --manual-auth-hook challengeHook.sh --rsa-key-size 4096 certonly

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.osprey.mx
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.osprey.mx (http-01): urn:acme:error:dns :: DNS problem: query timed out looking up A for www.osprey.mx

My web server is (include version): n/a

The operating system my web server runs on is (include version): n/a

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.14.0


I don’t know if this is why Let’s Encrypt is failing, but FWIW, your authoritative DNS service has a misconfiguration:

https://dnsviz.net/d/servicios-nic.com.mx/dnssec/

$ dig +norecurse @o.mx-ns.mx servicios-nic.com.mx

; <<>> DiG 9.15.7-Ubuntu <<>> +norecurse @o.mx-ns.mx servicios-nic.com.mx
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4170
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;servicios-nic.com.mx.          IN      A

;; AUTHORITY SECTION:
servicios-nic.com.mx.   86400   IN      NS      dns1.servicios-nic.com.mx.
servicios-nic.com.mx.   86400   IN      NS      dns2.servicios-nic.com.mx.
servicios-nic.com.mx.   86400   IN      NS      dns3.servicios-nic.com.mx.

;; ADDITIONAL SECTION:
dns1.servicios-nic.com.mx. 86400 IN     A       200.94.181.1
dns2.servicios-nic.com.mx. 86400 IN     A       200.94.181.2
dns3.servicios-nic.com.mx. 86400 IN     A       200.94.181.3
dns1.servicios-nic.com.mx. 86400 IN     AAAA    2001:1250::1811
dns2.servicios-nic.com.mx. 86400 IN     AAAA    2001:1250::1812
dns3.servicios-nic.com.mx. 86400 IN     AAAA    2001:1250::1813

;; Query time: 39 msec
;; SERVER: 200.23.1.1#53(200.23.1.1)
;; WHEN: Thu Jan 09 19:52:38 UTC 2020
;; MSG SIZE  rcvd: 238

The three nameservers have IPv6 glue records, though not authoritative records, and none of the IPs work.

That might be delaying resolution.

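One way to check the point made in the reply above, that the glue addresses in the referral do not answer. This is an added example, not part of the original thread: the function names are hypothetical, it uses only the Python standard library, and the glue lines are the ones from the dig output in the thread.

```python
import socket
import struct

# Glue lines copied from the ADDITIONAL section of the dig output in the thread.
REFERRAL = """\
dns1.servicios-nic.com.mx. 86400 IN     A       200.94.181.1
dns2.servicios-nic.com.mx. 86400 IN     A       200.94.181.2
dns3.servicios-nic.com.mx. 86400 IN     A       200.94.181.3
dns1.servicios-nic.com.mx. 86400 IN     AAAA    2001:1250::1811
dns2.servicios-nic.com.mx. 86400 IN     AAAA    2001:1250::1812
dns3.servicios-nic.com.mx. 86400 IN     AAAA    2001:1250::1813
"""

def parse_glue(text):
    """Return (nameserver, rtype, address) for each A/AAAA record line of dig output."""
    glue = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and not line.startswith(";") and fields[3] in ("A", "AAAA"):
            glue.append((fields[0], fields[3], fields[4]))
    return glue

def build_query(name, qtype=2, txid=0x1234):
    """Minimal DNS query with RD clear (like dig +norecurse); qtype 2 = NS."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def probe(address, zone, timeout=3.0):
    """True if the server at `address` answers a UDP query for `zone` in time."""
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(zone), (address, 53))
            reply, _ = sock.recvfrom(4096)
            return reply[:2] == b"\x12\x34"  # reply carries our transaction id
    except OSError:  # timeout, no route, or no IPv6 connectivity on this host
        return False

def dead_glue(glue, zone, probe_fn=probe):
    """Glue records whose address did not answer the query."""
    return [g for g in glue if not probe_fn(g[2], zone)]

if __name__ == "__main__":
    for ns, rtype, addr in dead_glue(parse_glue(REFERRAL), "servicios-nic.com.mx"):
        print(f"no answer: {ns} {rtype} {addr}")
```

Run it from a host with working IPv6, otherwise every AAAA address is reported as unanswered regardless of the nameservers' state.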

Thanks for the response, that was really helpful.

How to solve this issue? I have the same problem, but I don't have a lot of experience with DNS.
