Help with DNS configuration

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo certbot -v --apache

It produced this output:

[Additional output omitted]

Type: dns
Detail: DNS problem: query timed out looking up A for; DNS problem: query timed out looking up AAAA for

---- I am hosting my own DNS server and it looks like it isn't right. Any help is appreciated.

My web server is (include version):
Server version: Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 22.04.3 LTS

My hosting provider, if applicable, is:
Self hosted

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.8.0

Hello @Torp, welcome to the Let's Encrypt community. 🙂

Your DNS system seems poor. the tail end

Jan 12 00:23:12 unbound1.19[321343:0] debug: EDNS lookup known=0 vs=0
Jan 12 00:23:12 unbound1.19[321343:0] debug: serviced query UDP timeout=6016 msec
Jan 12 00:23:12 unbound1.19[321343:0] debug: inserted new pending reply id=5f45
Jan 12 00:23:12 unbound1.19[321343:0] debug: opened UDP if=0 port=41465
Jan 12 00:23:12 unbound1.19[321343:0] debug: comm point start listening 9 (-1 msec)

Error running query: read udp> i/o timeout

And using the online tool Let's Debug yields these results with 2 ERRORs

And network errors here Hardenize Report:
and it is showing DNS Zone errors that the Name Servers are not Operational.


You also have an infinite redirect loop here

$ curl -k -Ii
HTTP/1.1 301 Moved Permanently
Date: Fri, 12 Jan 2024 00:31:07 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1

If you are looking for reasons why your DNS is wrong look here

The Warnings are a likely reason for the Errors shown and the earlier query timeouts. Fixing those is a great start at least.


Thanks for your help. I found and fixed the problem.

The problem was that years old DNS addresses for my name servers were configured at my domain registrar (network I updated the addresses and that appears to have fixed everything.


Hi @Torp,

Just so you know the issued certificate that is being served is | 11786813177 does not have in the SANs. So is covered by the issued certificate, but is NOT covered.

covered -

NOT covered -

And is a CNAME to


Hi Bruce,

I noticed this problem yesterday, but I don’t know what to do about it. I do want a certificate for Any pointers you can give would be appreciated.




You first need to have the www subdomain in your Apache VirtualHost. I assume it is not there because otherwise your certbot command would have included it.

Use the Apache ServerAlias statement to include the www subdomain in your VirtualHost for port 80 and port 443. Then, this command should add it to your cert

sudo certbot --apache --cert-name -d -d

If you need help with that please start by showing output of these commands

sudo apache2ctl -t -D DUMP_VHOSTS
sudo certbot certificates
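
The covered / NOT covered distinction raised earlier in the thread can be checked from the `Domains:` line that `sudo certbot certificates` prints. The following is an added example, not part of the original posts or of Certbot itself; `example.com`, the sample output and the function names are constructed placeholders.

```python
import re

# Constructed sample in the layout `sudo certbot certificates` prints;
# example.com is a placeholder, not the domain from this thread.
SAMPLE = """\
Found the following certs:
  Certificate Name: example.com
    Serial Number: 0123456789abcdef
    Key Type: ECDSA
    Domains: example.com
    Expiry Date: 2024-04-10 23:20:11+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
"""

def parse_certificates(text):
    """Return {certificate name: [domains]} from `certbot certificates` output."""
    certs, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Certificate Name:\s*(\S+)", line)
        if m:
            current = m.group(1)
            certs[current] = []
            continue
        m = re.match(r"\s*Domains:\s*(.+)", line)
        if m and current is not None:
            certs[current] = m.group(1).lower().split()
    return certs

def covers(san, host):
    """True if one SAN entry matches host (case-insensitive, trailing dot ignored)."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        # A wildcard stands for exactly one leftmost label: *.example.com
        # matches www.example.com but not example.com or a.b.example.com.
        label, _, parent = host.partition(".")
        return bool(label) and parent == san[2:]
    return san == host

def missing_names(sans, wanted):
    """Hostnames in `wanted` that no SAN covers. A CNAME does not help:
    clients match the name they requested, not the CNAME target."""
    return [h for h in wanted if not any(covers(s, h) for s in sans)]
```

Any name returned by `missing_names` is one that still has to be listed with `-d` when the certificate is reissued.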

Hi Mike,

I finally got to this and got it working.

Thanks for your help.


