Fail to validate certificat for gitlab during secondary validation


Information about domain at the end of this message.

I try to create a Let's Encrypt certificat for a Gitlab server, I already did on another server and never had any issues.

This time I use the same Gitlab configuration to activate Let's Encrypt but I got a error message with DNS time out in secondary validation. Bellow short version of the message, complete message further bellow.

"During secondary validation: DNS problem: query timed out looking up A for"

Gitlab doc about activating Let's Encrypt (SSL Configuration | GitLab).

I use Let's Debug site ( and it tell me that everything is ok with my hostname/domaine name.

I got certificate created on my server, but not recognize by the browser.

Any clue of why it fail on secondary validation ?
Can I just delete already created certificate and retry to create them ?



My domain is:

I ran this command: sudo gitlab-ctl reconfigure

It produced this output: "During secondary validation: DNS problem: query timed out looking up A for; DNS problem: query timed out looking up AAAA for"

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): n/a


@lestaff this is the third or fourth user with this issue. Is some unbound resolver IP address in a blacklist of some sort?


For Gitlab users, I removed all the files in the /etc/gitlab/ssl folder and rerun the sudo gitlab-ctl reconfigure command and it now successfully create and activate SSL certificats.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.