Issue while renewing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.abc.gov.in

I ran this command: sudo certbot renew

It produced this output:

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.abc.gov.in
    Type: dns
    Detail: DNS problem: query timed out looking up A for
    www.abc.gov.in; DNS problem: query timed out looking up AAAA
    for www.abc.gov.in

My web server is (include version): Apache

The operating system my web server runs on is (include version): AWS Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot version : 1.11.0

Here is the Letsdebug output:

[IssueFromLetsEncrypt](https://letsdebug.net/www.abc.gov.in/2452845#IssueFromLetsEncrypt-Error)

A test authorization for www.abc.gov.in to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.

DNS problem: query timed out looking up A for www.abc.gov.in; DNS problem: query timed out looking up AAAA for www.abc.gov.in

It was successfully renewed for the last 1 year. No configuration changed on the server.

Hello @ujjawal,

Please show the output of each of the following commands

  • sudo certbot certificates
  • sudo apachectl -t -D DUMP_VHOSTS

You might want to consider upgrading Certbot;
see Certbot 4.0.0 released

Edit

There are also significant DNS issues; see these

1 Like

Presently I believe this is the first issue to be solved, as Let's Encrypt uses Multi-Perspective Validation Improves Domain Validation Security - Let's Encrypt

Since these are Domain Validation (DV) certificates, the Domain Name System (DNS) is used extensively in the validation process, as well as allowing us to assist here on the Let's Encrypt community.
DNS queries need to give consistent results from any location on the Internet; all your authoritative DNS servers for the domain need to give consistent results as well.

2 Likes

So the DNS server issue is the culprit, right? Is it possible that the DNS server is blocking queries from some locations? Because when I use the dig command from my host machine, it gives me a proper response and answers.

Is it due to any geo-blocking firewall?

I don't see you ever getting a Let's Encrypt certificate. Only ones from Amazon or Sectigo

In your previous thread (see here) I described the changes you need to make to your CAA records to allow Let's Encrypt to issue a cert. That doesn't affect the error you describe in this thread but it will be a problem if you want a Let's Encrypt cert. Do you?

This thread's problem to the Let's Encrypt staging system is related to your DNS servers. Some of them do not reply properly. That is difficult to test with dig commands but see DNSViz Errors for detailed errors.

2 Likes
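
The per-server check the replies above describe (every authoritative server must answer, and answer the same way), as an added example that is not part of the thread: it sends the A and AAAA queries straight to each authoritative server over UDP, so a server that times out shows up even when a dig through the local resolver succeeds. The server IPs and domain under `__main__` are placeholders, and IPv4 server addresses are assumed.

```python
import secrets
import socket
import struct

QTYPES = {"A": 1, "AAAA": 28}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype, txid):
    """Encode a one-question DNS query; RD=0 because we ask an authoritative server."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)

def parse_header(reply, txid):
    """Return 'RCODE/answer-count' from a reply header, or 'MALFORMED'."""
    if len(reply) < 12:
        return "MALFORMED"
    rid, flags, _qd, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != txid or not flags & 0x8000:   # wrong transaction id or not a response
        return "MALFORMED"
    return f"{RCODES.get(flags & 0xF, 'RCODE%d' % (flags & 0xF))}/{ancount}"

def probe(server_ip, name, qtype, timeout=3.0):
    """Ask one authoritative server directly; a silent server yields 'TIMEOUT'."""
    txid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qtype, txid), (server_ip, 53))
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "TIMEOUT"
        except OSError:
            return "ERROR"
    return parse_header(reply, txid)

def summarize(results):
    """results: {server: {qtype: outcome}} -> (servers not answering NOERROR, all agree?)."""
    failing = sorted(s for s, r in results.items()
                     if any(not v.startswith("NOERROR") for v in r.values()))
    consistent = len({tuple(sorted(r.items())) for r in results.values()}) <= 1
    return failing, consistent

if __name__ == "__main__":
    # Placeholders: use the IPs of your domain's own NS records and your own hostname.
    servers, name = ["192.0.2.53", "198.51.100.53"], "www.example.com"
    results = {ip: {qt: probe(ip, name, qt) for qt in QTYPES} for ip in servers}
    print(results)
    print("failing, consistent:", summarize(results))
```

A clean result from one host only shows what that host sees; running the same probe from other networks is what exposes location-dependent answers.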
