Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: app.upg-ploiesti.ro
I ran this command: certbot renew
It produced this output:
Domain: app.upg-ploiesti.ro
Type: dns
Detail: DNS problem: query timed out looking up A for app.upg-ploiesti.ro; DNS problem: query timed out looking up AAAA for app.upg-ploiesti.ro
Do you have a firewall for your DNS servers? Maybe one that blocks certain IP addresses? Because it looks like the IP addresses for the Let's Encrypt servers are being blocked.
I say this because I see your DNS records just fine from my own test server. And, so does the unboundtest.com site that looks up DNS similar to how Let's Encrypt Servers do it.
The Let's Debug test site debug info shows this same pattern. The Debug site's own tests for your DNS are fine. But, it's test with the Let's Encrypt staging system fails to lookup your DNS.
No. The IP addresses are not published. There will be requests from multiple IP addresses. The IP addresses change even from hour to hour. See details below.
Did you add or change your DNS firewall since you last got a successful cert on 2022-06-25?
This log is frim DNS server :
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:12:40.005268 IP letsdebug.net.17974 > 78.96.59.4.domain: 27638% [1au] A? SE.Upg-PloIESTI.RO. (47)
16:12:40.005645 IP 78.96.59.4.domain > letsdebug.net.17974: 27638*- 1/0/1 A 78.96.59.13 (81)
As you can see my server receive the request and answer! I test with se subdomain but is the same in app.
I filter the log for lets debug, the output is the same as certbot. I don't think is an firewall problem I’m on linux and not using an adaptive policy!