Http chllenge Failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot --nginx

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1,2
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Waiting for verification…
Challenge failed for domain
Challenge failed for domain
http-01 challenge for
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


  • The following errors were reported by the server:

    Type: dns
    Detail: DNS problem: query timed out looking up A for

    Type: dns
    Detail: DNS problem: query timed out looking up A for

My web server is (include version): nginx

The operating system my web server runs on is (include version): Oracle Linux 7.7

My hosting provider, if applicable, is: Oracle Cloud

I can login to a root shell on my machine (yes or no, or I don’t know):
yes with sudo su

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.38.0


Could you please retry the operation, there might just be a glich in the system.

update: Different system yielded different result:
unboundtest and few other systems showed all clear, but Let’s Debug showed similar issue.

@_az What’s the reason for the “A record timeout”?
the DNSSEC response is signed too…

Thank you

Hi @rdufoo

looks like your name servers are a problem.

Different checks, different answers.

without a result (a timeout). A few minutes earlier, a lot of “lame” results.

The non-www works - - but the www is terrible.

Ah, now the non-www has lame results:

query response was DNSSEC LAME


I changed DNS provider to Cloudfare and got my certificates.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.