Error getting validation data on record A change


Today I changed the A record from the DNS server to point to a new server IP. Probably the record is not fully propagated yet so this could be the reason why I am getting the error below:

Waiting for verification...
Cleaning up challenges
Failed authorization procedure. XXXX.XXX (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Error getting validation data

Could you please give me your opinion?

Thank you.

Hi @giorgio,

The Let’s Encrypt CA does not rely on DNS record propagation like a desktop browser would; it always goes directly to the authoritative nameservers for the domain, so this is not usually the reason. However, if your provider doesn’t apply the update to the authoritative nameservers immediately, there could still be a delay that is kind of like a propagation delay, although for a different reason.

Another possibility that can cause this error is a DNS zone misconfiguration, including DNSSEC errors, like when DNSSEC signatures are invalid or absent, but marked as required. So you might also want to look at your DNS setup with testing tools that can indicate any invalidity or misconfiguration.
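Added example, not part of the thread and not Let's Encrypt's or Certbot's own code: one way to check the point made above is to ask each authoritative nameserver directly, without recursion, and list any that do not yet return the new address. The function names, the sample nameservers and the documentation-range addresses are constructed for illustration; the live path assumes `dig` is installed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Usage: ./check-a.sh NAME ZONE EXPECTED_IP
# With no arguments it runs on the constructed sample below, offline.

# Authoritative nameservers of ZONE, trailing dot removed (uses dig, needs network).
list_nameservers() {
    dig +short NS "$1" | sed 's/\.$//'
}

# Ask one nameserver directly, without recursion, so no resolver cache is involved.
# Prints "nameserver address" per A record, or "nameserver NONE" if it gave none.
query_nameserver() {
    local ns="$1" name="$2" answers
    answers=$(dig +short +norecurse "@$ns" "$name" A 2>/dev/null |
        grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    if [ -z "$answers" ]; then
        printf '%s NONE\n' "$ns"
    else
        printf '%s\n' "$answers" | sed "s/^/$ns /"
    fi
}

# Reads "nameserver address" lines on stdin; prints each nameserver once if any
# of its answers differs from the expected address.
stale_nameservers() {
    awk -v want="$1" '$2 != want && !seen[$1]++ { print $1 }'
}

# Constructed sample: two servers updated, one still on the old address, one silent.
sample_answers() {
    printf '%s\n' 'ns1.example.net 203.0.113.10' 'ns2.example.net 198.51.100.7' \
        'ns3.example.net NONE' 'ns4.example.net 203.0.113.10'
}

main() {
    local name="$1" zone="$2" expected="$3" servers stale ns
    servers=$(list_nameservers "$zone")
    [ -n "$servers" ] || { echo "no NS records found for $zone" >&2; return 2; }
    stale=$(for ns in $servers; do query_nameserver "$ns" "$name"; done |
        stale_nameservers "$expected")
    [ -z "$stale" ] && { echo "all nameservers serve $expected"; return 0; }
    printf 'not serving only %s for %s:\n%s\n' "$expected" "$name" "$stale"
    return 1
}

if [ "$#" -eq 3 ]; then
    main "$@"
else
    sample_answers | stale_nameservers 203.0.113.10   # ns2 and ns3 are reported
fi
```

A nameserver listed here is one the CA could still reach and get the old address, or no address, from; this check does not validate DNSSEC signatures.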

Thanks for your reply. This is a test I made:

What do you think? Do you see anything wrong?

What Certbot plugin are you using and how are you running Certbot? It might also be a problem with actually completing the TLS-SNI-01 challenge, rather than with DNS.
