LDNS error - when renewing certficates with getssl

Help
5

Hi timkimber,

thanks for your answer. Here's the -d -output:

detected os type = linux

Running \e[01;31m ========= \e[01;37mSystemRescue 8.05 (x86_64)\e[01;31m ======== \e[01;37m\l\e[00;37m/6\e[01;31m =========
\e[00;31mhttps://www.system-rescue.org/

\e[00;31m*\e[01;31m Console environment\e[00;37m :
Run \e[01;37msetkmap\e[00;37m to choose the keyboard layout

\e[00;31m*\e[01;31m Graphical environment\e[00;37m :
Type \e[01;37mstartx\e[00;37m to run the graphical environment
X.Org comes with the XFCE environment and several graphical tools:
\e[00;31m-\e[00;37m Partition manager: .. \e[01;37mgparted\e[00;37m
\e[00;31m-\e[00;37m Web browser: ........ \e[01;37mfirefox\e[00;37m
\e[00;31m-\e[00;37m Text editor: ........ \e[01;37mfeatherpad\e[00;37m

checking for required which ... /usr/bin/which

checking for required openssl ... /usr/bin/openssl

checking for required curl ... /usr/bin/curl

checking for dig ... /usr/bin/dig

function dig found at /usr/bin/dig - setting DNS_CHECK_FUNC to dig

checking for required dirname ... /usr/bin/dirname

checking for required awk ... /usr/bin/awk

checking for required tr ... /usr/bin/tr

checking for required date ... /usr/bin/date

checking for required grep ... /usr/bin/grep

checking for required sed ... /usr/bin/sed

checking for required sort ... /usr/bin/sort

checking for required mktemp ... /usr/bin/mktemp

Checking for releases at https://api.github.com/repos/srvrco/getssl/releases/latest

{"url":"https://api.github.com/repos/srvrco/getssl/releases/51143195","assets_url":"https://api.github.com/repos/srvrco/getssl/releases/51143195/assets","upload_url":"https://uploads.github.com/repos/srvrco/getssl/releases/51143195/assets{?name,label}","html_url":"https://github.com/srvrco/getssl/releases/tag/v2.45","id":51143195,"author":{"login":"timkimber","id":15785928,"node_id":"MDQ6VXNlcjE1Nzg1OTI4","avatar_url":"https://avatars.githubusercontent.com/u/15785928?v=4","gravatar_id":"","url":"https://api.github.com/users/timkimber","html_url":"https://github.com/timkimber","followers_url":"https://api.github.com/users/timkimber/followers","following_url":"https://api.github.com/users/timkimber/following{/other_user}","gists_url":"https://api.github.com/users/timkimber/gists{/gist_id}","starred_url":"https://api.github.com/users/timkimber/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/timkimber/subscriptions","organizations_url":"https://api.github.com/users/timkimber/orgs","repos_url":"https://api.github.com/users/timkimber/repos","events_url":"https://api.github.com/users/timkimber/events{/privacy}","received_events_url":"https://api.github.com/users/timkimber/received_events","type":"User","site_admin":false},"node_id":"RE_kwDOAvJYls4DDGIb","tag_name":"v2.45","target_commitish":"master","name":"Stable Release 2.45","draft":false,"prerelease":false,"created_at":"2021-10-11T13:31:25Z","published_at":"2021-10-11T13:36:26Z","assets":,"tarball_url":"https://api.github.com/repos/srvrco/getssl/tarball/v2.45","zipball_url":"https://api.github.com/repos/srvrco/getssl/zipball/v2.45","body":"2021-10-08 Extract release tag from release api using awk (#717) (fix BSD issues)\r\n2021-10-11 Fix broken upgrade url (#718)(2.45)"}

current code is version 2.45

Most recent version is 2.45

reading config from /mnt/linux/home/pfeiffer/.getssl/getssl.cfg

checking for required dig ... /usr/bin/dig

Making temp directory - /mnt/linux/home/pfeiffer/.getssl/pfeiffer-koberstein-immobilien.de/tmp

reading config from /mnt/linux/home/pfeiffer/.getssl/pfeiffer-koberstein-immobilien.de/getssl.cfg

HAS NSLOOKUP=true

HAS DIG_OR_DRILL=drill

DIG_SUPPORTS_NOIDNOUT=true

HAS HOST=true

Has lftp

Using certificate issuer: https://acme-staging-v02.api.letsencrypt.org

checking config

checked ACCOUNT_KEY_TYPE

checked PRIVATE_KEY_ALG

checking domain pfeiffer-koberstein-immobilien.de

DNS lookup using drill pfeiffer-koberstein-immobilien.de
Error: error sending query: General LDNS error
Error: error sending query: General LDNS error
Error: error sending query: General LDNS error

DNS lookup using host pfeiffer-koberstein-immobilien.de

DNS lookup using nslookup -query AAAA pfeiffer-koberstein-immobilien.de

found IPv4 record for pfeiffer-koberstein-immobilien.de

checking domain www.pfeiffer-koberstein-immobilien.de

DNS lookup using drill www.pfeiffer-koberstein-immobilien.de
Error: error sending query: General LDNS error
Error: error sending query: General LDNS error
Error: error sending query: General LDNS error

DNS lookup using host www.pfeiffer-koberstein-immobilien.de

DNS lookup using nslookup -query AAAA www.pfeiffer-koberstein-immobilien.de

found IPv4 record for www.pfeiffer-koberstein-immobilien.de

pfeiffer-koberstein-immobilien.de: check_config completed - all OK

ca_all_loc from https://acme-staging-v02.api.letsencrypt.org gives

Boulder: The Let's Encrypt CA 

  <div class="col-xs-6 text-left">
    <h1>Boulder<br>
    <small>The Let's Encrypt CA</small></h1>
  </div>
</div>

<div class="row">
  <div class="col-xs-8 col-xs-offset-2 text-center">
    <h3>This is an <a href="https://github.com/letsencrypt/acme-spec/">ACME</a> Certificate Authority running <a href="https://github.com/letsencrypt/boulder">Boulder</a>.</h3>
    <p>This is a <em>programmatic</em> endpoint, an API for a computer to talk to. You should probably be using a specialized client to utilize the service, and not your web browser. See <a href="https://letsencrypt.org/"><tt>https://letsencrypt.org/</tt></a> for help.</p>
    <p>If you're trying to use this service, note that the starting point, <em>the directory</em>, is available at this URL: <a href="https://acme-staging-v02.api.letsencrypt.org/directory"><tt>https://acme-staging-v02.api.letsencrypt.org/directory</a></tt>.</p>
  </div>
</div>
<div class="row">
  <div class="col-xs-4 col-xs-offset-2 text-center">
    <p><a href="https://letsencrypt.status.io" title="Twitter">
      <i class="fa fa-area-chart"></i>
      Service Status (letsencrypt.status.io)
    </a></p>
  </div>
  <div class="col-xs-4 text-center">
    <p><a href="https://twitter.com/letsencrypt" title="Twitter">
      <i class="fa fa-twitter"></i>
      Check with us on Twitter
    </a></p>
  </div>
</div> <!-- row -->

ca_all_loc from https://acme-staging-v02.api.letsencrypt.org/directory gives {
"kFk0pGdmtic": "Adding random entries to the directory",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "Staging Environment - Let's Encrypt"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-aaron-ari/renewalInfo/",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}

Using API v2

getting certificate for pfeiffer-koberstein-immobilien.de from remote server (pfeiffer-koberstein-immobilien.de)

certificate on server is same as the local cert

created SAN list = subjectAltName=DNS:pfeiffer-koberstein-immobilien.de,DNS:www.pfeiffer-koberstein-immobilien.de

certificate /mnt/linux/home/pfeiffer/.getssl/pfeiffer-koberstein-immobilien.de/pfeiffer-koberstein-immobilien.de.crt exists

local cert is valid until Mar 8 15:54:55 2022 GMT

local cert is for domains: pfeiffer-koberstein-immobilien.de,www.pfeiffer-koberstein-immobilien.de
pfeiffer-koberstein-immobilien.de: certificate is valid for more than 30 days (until Mar 8 15:54:55 2022 GMT)