Failed auto-renewal on Unraid


The auto-renew failed and I am trying to update my cert. I have installed certbot-auto. I have tried the command certbot certonly --cert-name but I received the following error:

Plugins selected: Authenticator standalone, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for


  • The following errors were reported by the server:

    Type: None
    Detail: DNS problem: SERVFAIL looking up A for

Here is my Cert information:

Found the following certs:
Certificate Name:
Expiry Date: 2019-02-15 19:50:24+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/


You need to fix the DNS issue first.


Domain: nameserver = nameserver =



When those IPs respond, they return: canonical name =

Has only one name server: nameserver =


[all eggs in one (IP) basket]

When everything works, DNS should return:

My best advice is to work on improving the DNS in use or move to one that provides better DNS.
That said, you only need the cert renewal to work once within the last 30 days that it tries to renew (twice a day) to continue securely without expiration.
So from a certificate stance you should most likely have a valid cert all year long.
But you're not seeing the real problem here: You may be missing connections (sporadically) throughout the entire year from clients that can’t resolve your name to an IP (they are unable to reach your site).


Hi @shaade

additional: This nameserver is buggy.

There is a red “U” ( ). U

Internal checked, the TCP-connection to the nameserver crashed (have to update more error messages).


Uh, what’s that? I’ve updated my tool to see more details. Now the result:

X Fatal error: Nameserver doesn’t support TCP connection: Fatal error - no NameServer IP-Address or connection. Details: One or more errors occurred. - No connection could be made because the target machine actively refused it

Your dns entries:

Host T IP-Address is auth. ∑ Queries ∑ Timeout C yes 1 0
A yes Name Error yes 1 0

So asuscomm is relevant.

There is an U: 	U	

Perhaps the nameserver accepts one connection. But the next connection (with the same source ip address) is blocked.


Thank you for the heads-up. I updated my router firmware and modified some of the settings. I missed the fact that the router had its own certificate through Letsencrypt. I turned that off and the renewal on my Unraid worked.
