My domain is seek-together.space
and I have a few subdomains on it,all of them seem to be doing well with Let’s Encrypt, but a few weeks ago one of them started having problems: diaspora.seek-together.space
I use acmetool
to automatically renew my certs. There is a cron job that runs acmetool reconcile
, which should automatically renew certs when needed, and I get notified by email from cron when it fails.
It produces this output:
20170715232935 [ERROR] acme.storageops: Target(diaspora.seek-together.space;https://acme-v01.api.letsencrypt.org/directory;0): failed to request certificate: Get https://acme-v01.api.letsencrypt.org/directory: dial tcp: lookup acme-v01.api.letsencrypt.org on 178.17.170.67:53: dial udp 178.17.170.67:53: i/o timeout
20170715232936 [ERROR] acme.storageops: error while processing targets: the following errors occurred: error satisfying Target(diaspora.seek-together.space;https://acme-v01.api.letsencrypt.org/directory;0): Get https://acme-v01.api.letsencrypt.org/directory: dial tcp: lookup acme-v01.api.letsencrypt.org on 178.17.170.67:53: dial udp 178.17.170.67:53: i/o timeout
20170715232936 [ERROR] acme.storageops: failed to reconcile: the following errors occurred: error satisfying Target(diaspora.seek-together.space;https://acme-v01.api.letsencrypt.org/directory;0): Get https://acme-v01.api.letsencrypt.org/directory: dial tcp: lookup acme-v01.api.letsencrypt.org on 178.17.170.67:53: dial udp 178.17.170.67:53: i/o timeout
20170715232936 [CRITICAL] acmetool: fatal: reconcile: the following errors occurred: error satisfying Target(diaspora.seek-together.space;https://acme-v01.api.letsencrypt.org/directory;0): Get https://acme-v01.api.letsencrypt.org/directory: dial tcp: lookup acme-v01.api.letsencrypt.org on 178.17.170.67:53: dial udp 178.17.170.67:53: i/o timeout
My web server is lighttpd and OS is Trisquel 7 GNU/Linux. I can log in as root.
All the other subdomains are fine, just that one subdomain is reported by acmetool status
as “needs renewing” and I got an email that says the cert will expire in 9 days.
I checked my web server config, verified that the diaspora
subdomain is configured in the same way as the other domains. I just can’t figure out why it acts like that. Any help highly appreciated