Impossible to renew certificate after 60 days, DNS problem

Let's Encrypt isn't providing any of the numbers. The DNS servers specified by you for your domain name, which Let's Encrypt neither owns nor controls, are providing the numbers. Essentially, Let's Encrypt is attempting to look up your address using the servers you've specified (or not specified) and can't figure out which door to knock on.

4 Likes

Is there a way I can make Let's Encrypt validate from one DNS that "sees" me?

thanks,

That is not possible. Let's Encrypt only uses a recursive lookup using the servers you have specified in your DNS configuration.

The only way for you to obtain certificates is to fix your authoritative name server. (ns.itnc.ro)

5 Likes

Imagine you own a bank and someone is calling a phone number for your bank, but most of the people answering that call know nothing about your bank. That's basically what's happening when Let's Encrypt is trying to "call" your server. Since only you control who is answering the phone, Let's Encrypt can't really do anything about it. :man_shrugging:t3:

6 Likes

Hello,

@ski192man (the Internet does look different depending on where one is looking from)

From my server's DNS point of view it looks good. From other DNS servers it looks not OK.

All i need is a certificate for my server.

Thanks,

I'm not sure how else to respond.

Let's Encrypt requires that your server appear the same from multiple points on the internet (everywhere). They will not issue a certificate if it does not. In fact, no certificate authority is permitted to issue a certificate if it does not.

6 Likes
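As an added example (not code from this thread or from Let's Encrypt), the following Python script models the rule stated in the reply above: the validator resolves the name from several places on the internet, and the domain counts as verified only when every vantage point returns the same non-empty answer. The resolver labels, the sample address 203.0.113.10 and the placeholder domain example.com are constructed; the optional live mode shells out to `dig` against the public resolvers 8.8.8.8, 1.1.1.1 and 9.9.9.9 and is only run when `dig` is installed.

```python
"""Why a CA's validator needs every vantage point to agree on the DNS answer.

The checker applies one rule over a table of per-resolver answers: if any
resolver got no answer, or a different answer, the domain is not verifiable,
even though it "works" from the owner's own network.
"""
from dataclasses import dataclass
import shutil
import subprocess

# Constructed sample (not real measurements): the A-record answers that four
# hypothetical recursive resolvers returned for the same domain.
SAMPLE_OBSERVATIONS = {
    "resolver-local": {"203.0.113.10"},   # the owner's own resolver: looks fine
    "resolver-eu": set(),                  # timed out / SERVFAIL: no answer
    "resolver-us": set(),
    "resolver-asia": {"203.0.113.10"},
}


@dataclass
class ValidationReport:
    consistent: bool            # True only if all vantages answered identically
    answers: frozenset          # union of everything that was returned
    empty_vantages: list        # resolvers that got no usable answer
    disagreeing_vantages: list  # resolvers whose non-empty answer differs


def assess_consistency(observations):
    """Apply the CA rule: the name must resolve identically from everywhere."""
    if not observations:
        raise ValueError("need at least one vantage point")
    empty = sorted(name for name, ans in observations.items() if not ans)
    non_empty = {name: frozenset(ans) for name, ans in observations.items() if ans}
    union = frozenset().union(*non_empty.values())
    # A vantage "disagrees" when it answered, but not with the full common set.
    disagreeing = sorted(name for name, ans in non_empty.items() if ans != union)
    return ValidationReport(not empty and not disagreeing, union, empty, disagreeing)


def explain(report):
    """Turn a report into the kind of message a user would want to read."""
    if report.consistent:
        return f"OK: all vantage points agree on {sorted(report.answers)}"
    lines = ["FAIL: the domain does not look the same from everywhere"]
    if report.empty_vantages:
        lines.append("  no answer from: " + ", ".join(report.empty_vantages))
    if report.disagreeing_vantages:
        lines.append("  different answer from: " + ", ".join(report.disagreeing_vantages))
    lines.append("  fix the delegated nameservers; the CA cannot work around this")
    return "\n".join(lines)


def query_a_via_resolver(domain, resolver_ip, timeout=3):
    """Optional live lookup with dig: the set of answer lines, empty on failure.

    `dig +short` may return CNAME targets as well as addresses; they are kept
    as-is because the point is whether the vantage points agree at all.
    """
    cmd = ["dig", "+short", f"+time={timeout}", "+tries=1",
           f"@{resolver_ip}", domain, "A"]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True,
                             timeout=timeout + 2, check=False)
    except (subprocess.TimeoutExpired, OSError):
        return set()
    return {line.strip() for line in out.stdout.splitlines() if line.strip()}


if __name__ == "__main__":
    print(explain(assess_consistency(SAMPLE_OBSERVATIONS)))
    if shutil.which("dig"):
        # Live mode: "example.com" is a placeholder for the domain being validated.
        resolvers = {"google": "8.8.8.8", "cloudflare": "1.1.1.1", "quad9": "9.9.9.9"}
        live = {n: query_a_via_resolver("example.com", ip) for n, ip in resolvers.items()}
        print(explain(assess_consistency(live)))
```

Running it on the constructed sample reports the two resolvers that got no answer, which is the situation described in this thread: the owner's resolver and one other see the server, the rest do not, so the name cannot be verified. The live mode is a quick way to reproduce what the CA sees before retrying issuance.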

Hello,

FOA, I don't own a bank. I'm working :slight_smile:

SOA, if someone is calling "my" bank, where do they have the bank's phone number from?

That's the question..

If the people answering the "bank"'s phone number don't know anything about a bank, they are not working for the bank. The people calling don't have the "right" phone number.

In my case, they don't have a phone number at all. That's the problem.. I can't give Let's Encrypt's validator a good phone number.

Thanks,

[quote="griffin, post:24, topic:236660, full:true"]
Imagine you own a bank and someone is calling a phone number for your bank, but most of the people answering that call know nothing about your bank. That's basically what's happening when Let's Encrypt is trying to "call" your server. Since only you control who is answering the phone, Let's Encrypt can't really do anything about it. :man_shrugging:t3:
[/quote]

The "phone number" being called here is your domain name and the "people" answering and having no information about your domain name are the DNS servers you have delegated to "answer" with information about your domain name. Inconsistent/broken information isn't usable for verification. It would be like sending you 10 emails to verify your email account and only having 2 of them (if any) actually arrive when all 10 are required for verification. The sender can't fix your email even if they wanted to. As to how to go about fixing your nameserver issues, that's technically beyond the scope of this forum, but someone here still might have recommendations. It's something you really want fixed not just for acquiring a TLS certificate, but for the operation of your site in general. You're not alone. We've seen worse. :wink:

4 Likes

The exact answer would be they are calling my bank's name from their mobile phone. But they don't have the number! Just the name!

:slight_smile:

@griffin
Thanks for comforting me. That does ease the pain.

Got to go get some sleep. Talk to you all tomorrow!
Have a nice afternoon!

1 Like

ns.itnc.ro is not resolving properly. MXToolbox can somewhat resolve your name server; however, you should have two name servers, ns1 on site and ns2 in another location, for redundancy.

When running dig on my workstation there is no A record that points to your WAN IP. Are you using BIND? PowerDNS?

BIND9 authoritative name servers will require _acme-challenge zones if you plan on using the DNS-01 challenge. Before messing with getting an SSL certificate I recommend fixing the DNS situation.

Regards

1 Like

Hello,
It seems that my server isn't accessible from places around the net. Somehow, some sites can access my nameserver. I don't know what I should do for this to happen. All I need is a certificate for my server.

Thank you for your reply!

Andrei

I would say that it's a lot more important to have working nameservers than a certificate, but I can see how they could be viewed as separate concerns. In the case of Let's Encrypt (and probably most, if not all, ACME CAs), the current challenge types for verifying domain control all require working nameservers.

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.