Failed authorization procedure after completing challenges

My domain is:
herock.ga

I ran this command:
certbot renew

It produced this output:
When attempting to renew the naked domain and several subdomains:
Domain: herock.ga
Type: connection
Detail: DNS problem: SERVFAIL looking up A for herock.ga

Domain: www.herock.ga
Type: connection
Detail: DNS problem: SERVFAIL looking up A for www.herock.ga
… (etc.)

I’ve also received the following error on one occasion after several attempts:
Domain: herock.ga
Type: connection
Detail: DNS problem: query timed out looking up A for herock.ga

My web server is (include version):
lighttpd 1.4.43 (behind haproxy 1.5.18 ssl)

The operating system my web server runs on is (include version):
DD-WRT v3.0-r31277

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I’m finding this strange since it’s set up identically to another domain I have from Freenom, duck.cf. Everything from the router firmware and software to the device I have running certbot renew is exactly the same. I just renewed its certificates last week without a problem (note I don’t currently have it up right now).

It looks like there are problems between Let’s Encrypt and .ga domains right now. Not just yours. For example:

   Domain: 2d60efaf-75c3-4c97-9a34-3e5e1de27a52.ga
   Type:   connection
   Detail: DNS problem: SERVFAIL looking up TXT for
   _acme-challenge.2d60efaf-75c3-4c97-9a34-3e5e1de27a52.ga

   Domain: 1840fec9-6ce8-4a47-9a28-81db86aa4e4d.ga
   Type:   connection
   Detail: DNS problem: query timed out looking up TXT for
   _acme-challenge.1840fec9-6ce8-4a47-9a28-81db86aa4e4d.ga

It seems to work sometimes.

I can’t determine what is wrong, though. It seems to work for me personally. And DNSviz.

In any case, it looks like you are doing everything right. It will likely get sorted out somehow soon.

In fact, it started working for me as I wrote this post. :stuck_out_tongue_closed_eyes:

Try again? But keep in mind the failed validations rate limit. Consider trying “certbot renew --dry-run” first. (Which will try to renew all of your certificates on the staging server.)

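As an added example (not code from this thread or from certbot): a small parser for failure reports in the Domain/Type/Detail shape quoted above, which separates DNS lookup failures (SERVFAIL, timeout) from other validation failures before deciding whether to retry. The sample report, the domain names and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of the reports quoted in this thread.
SAMPLE = """\
Domain: example.test
Type:   connection
Detail: DNS problem: SERVFAIL looking up A for example.test

Domain: www.example.test
Type:   connection
Detail: DNS problem: query timed out looking up TXT for
_acme-challenge.www.example.test

Domain: api.example.test
Type:   unauthorized
Detail: Invalid response from http://api.example.test/
"""

DNS_RE = re.compile(r"DNS problem: (SERVFAIL|query timed out) looking up (\w+) for (\S+)")

def parse_report(text):
    """Return one dict per Domain/Type/Detail block; wrapped lines are rejoined."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"(Domain|Type|Detail):\s*(.*)", line)
        if m:
            key = m.group(1).lower()
            if key == "domain":
                entries.append({})
            if entries:
                entries[-1][key] = m.group(2)
        elif line and key and entries:
            entries[-1][key] += " " + line  # continuation of a wrapped field
        else:
            key = None  # a blank line ends the current field
    return entries

def classify(entry):
    m = DNS_RE.search(entry.get("detail", ""))
    if entry.get("type") != "connection" or not m:  # not a DNS lookup failure
        return {"domain": entry["domain"], "kind": "other"}
    kind = "servfail" if m.group(1) == "SERVFAIL" else "timeout"
    return {"domain": entry["domain"], "kind": kind, "rrtype": m.group(2), "name": m.group(3)}

def summarize(text):
    results = [classify(e) for e in parse_report(text)]
    return results, Counter(r["kind"] for r in results)
```
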

Thanks for the reply.

I actually just realized my .ga domain expired from Freenom, though it doesn’t seem to be affecting anything DNS-related, everything’s still pointed at Namecheap’s FreeDNS servers. I went ahead and just got myself the .gq domain in hopes that might work, but now I’m getting a healthy mix of SERVFAILs and timeouts.

I suppose I can wait it out, we’ll see.
