Failed authorization procedure. dj360.com.cn (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for dj360.com.cn
however, it resolves.
$ nslookup dj360.com.cn 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Let’s Encrypt’s resolver uses 0x20 randomization – in other words, it sends queries with rAndOm CApiTalizATIon to improve security by making it harder to forge accurate responses. Among other issues, the zone’s authoritative nameservers do not properly support that, responding in lowercase, and the resolver rejects all of the responses and eventually fails.