HTTP-01 Validation / DNS Problem

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: talpaparne.info

I ran this command: N/A
We use acmephp but programmatically issued a Validation request for talpaparne.info

It produced this output:

```
{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:connection",
    "detail": "dns :: DNS problem: NXDOMAIN looking up A for talpaparne.info",
    "status": 400
  },
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/IG2KcMeuPWLn17Y5ZYhF7QvisshhEXIbF8IH7MWr7UY/13244084862",
  "token": "dt6PCuWXlDvr-GEmYpHEP2ZOzJVsqW-Hta38_OhJJ78"
}
```

My web server is (include version): N/A

The operating system my web server runs on is (include version): N/A

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): N/A

It looks like it took the DNS record change a while to propagate, and it finally did with the correct A records. We tried requesting a validation again a few hours later and still got the same error. It was only when we requested a new challenge / token and presented it that it finally went through. Is that expected behavior?

It should be fine if you try right now.

I would say, coincidental timing with your nameservers/authoritative servers updating. There's no reason I can think of that the CA would behave like that.

Edit: or do you mean that your existing failed challenge didn't update? Challenges are one-time deals - if they fail, they fail. You always have to create new ones.

Correct, ah! I see. Yes, so once the challenge fails a new one must be created again. That’s what was hanging us up.

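The behaviour settled in this thread (an `invalid` challenge is final and a new one has to be created), as an added example that is not part of the original posts or of acmephp: a small decision function a client could run on each challenge object. The names `resolves` and `next_action` and the returned action strings are hypothetical, and the local DNS pre-check before triggering validation is an assumption about how a client might avoid spending a challenge while the record is still propagating.

```python
import json
import socket

# Challenge object from the post above, trimmed to the fields used here.
FAILED = json.loads("""{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:connection",
    "detail": "dns :: DNS problem: NXDOMAIN looking up A for talpaparne.info",
    "status": 400
  }
}""")


def resolves(domain, lookup=socket.getaddrinfo):
    """True if the name resolves from this host right now.

    This is only a local view: the CA queries the authoritative servers
    itself, so a local answer does not guarantee the CA sees one.
    """
    try:
        return bool(lookup(domain, 80))
    except socket.gaierror:
        return False


def next_action(challenge, domain, lookup=socket.getaddrinfo):
    """Map an ACME challenge state to what the client should do next."""
    status = challenge.get("status")
    if status == "valid":
        return "done"
    if status == "processing":
        return "poll"  # the CA is still validating; keep checking
    if status == "invalid":
        # Terminal state: polling or re-submitting this token cannot
        # succeed, even after DNS has been fixed.
        return "request-new-challenge"
    if status == "pending":
        # Validation consumes the challenge, so trigger it only once
        # the name actually answers.
        return "respond" if resolves(domain, lookup) else "wait-for-dns"
    raise ValueError(f"unexpected challenge status: {status!r}")
```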