Help needed about Certbot failure

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
Using NPMplus
It produced this output:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: xxx.xxxx.duckdns.org
Type: dns
Detail: DNS problem: SERVFAIL looking up A for xxx.xxxx.duckdns.org - the domain's nameservers may be malfunctioning; no valid AAAA records found for xxx.xxxx.duckdns.org
My web server is (include version):
NPMPlus
The operating system my web server runs on is (include version):
Docker/Archlinux
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
NPM Plus


It's been working fine, but I've got this error.
Maybe it is related to DNSSEC?
Recently I installed Adguardhome and Stubby on my openwrt router.
However, now I reverted to the old one (dnsmasq), and the result is the same.

What can I do?

Hello @nemonein, welcome to the Let's Encrypt community. :slightly_smiling_face:

A choice of a couple of things

  1. share your actual domain name
  2. use some online tools to check your domain name yourself; here is a list of some such tools

2 Likes

As Bruce noted there is a problem with the DNS servers or their configuration. Let's Encrypt needs info from those DNS servers and instead LE is getting a SERVFAIL error.

We regularly see problems with Duck DNS. You may want to consider getting a dedicated domain name which allows you to choose a different DNS provider (someone like Cloudflare for example).

Personally I would start with https://dnsviz.net to start researching the problem and likely report it to DuckDNS. Had you shared your name we would have done that for you already to give you more specific advice. Without that we really can't say much more than we have.

You might also try the Duck DNS support forum to see if there is a known outage or issue right now.

4 Likes

Thank you guys.
The domain I need to get a certificate for is 'ntfy.nemonein.duckdns.org'.
I use npmplus as a reverse proxy, and have a few services. It's been running well.
And I have very little knowledge about DNS.

This will be another area of your learning curve :slight_smile:

You are not running the DNS Servers - Duck DNS is. And, it looks like significant problems with them at the moment. I don't know if it is a general issue with Duck or something unique to your configuration with them. You'll probably need to ask their support or community forum.

Let's Encrypt is failing to get required info from the DNS and won't succeed without it. Mind you, many other systems may also have problems connecting to you. The DNS is where "everyone" starts by translating a domain name into the IP address used for the connection.

You should show them results of these tests:

Reproduces SERVFAIL (proves not just Let's Encrypt issue)

DNS Tree showing more details of problem

The Google DNS result from the above link (right now):

4 Likes
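The check suggested in the reply above (confirming that resolvers other than Let's Encrypt's also get SERVFAIL) can be run locally; this is an added example, not part of the original thread or of any tool named in it. The resolver addresses (Google, Cloudflare, Quad9) and all function names are assumptions chosen for illustration, and the sample response header is constructed.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPES = {"A": 1, "AAAA": 28}

def build_query(name, qtype="A", txid=0x1234):
    """Encode a single-question DNS query with recursion desired (RD=1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)  # class IN

def parse_header(response, txid=0x1234):
    """Return (rcode_name, answer_count) from a raw DNS response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit not set
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), ancount

def check(name, resolver, qtype="A", timeout=5.0):
    """Ask one recursive resolver over UDP port 53 and report its verdict."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (resolver, 53))
        data, _ = s.recvfrom(4096)
    return parse_header(data)

# Constructed sample: header of a SERVFAIL reply (QR=1, RD=1, RA=1, RCODE=2).
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)

if __name__ == "__main__":
    print("constructed sample:", parse_header(SAMPLE_SERVFAIL))
    # Assumed public resolvers; the name is the one given in the thread.
    for resolver in ("8.8.8.8", "1.1.1.1", "9.9.9.9"):
        for qtype in ("A", "AAAA"):
            try:
                print(resolver, qtype, check("ntfy.nemonein.duckdns.org", resolver, qtype))
            except (OSError, ValueError) as exc:
                print(resolver, qtype, "no usable answer:", exc)
```

If independent resolvers all report SERVFAIL for the same name, the fault lies with the zone's authoritative servers rather than with the local router or the certificate client.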