LetsEncrypt dns-01 connection timeout error

I’m trying to see if there’s anything further I can do to troubleshoot this issue. It appears my BIND9 DNS server isn’t able to contact LetsEncrypt, however it can do NSLOOKUPs just fine

My domain is: abc.int

I ran this command: certbot certonly --manual --preferred-challenges dns

It produced this output:

Failed authorization procedure. abc.int (dns-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.abc.int

Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.abc.int

The operating system my web server runs on is (include version): Fedora 29 ARM64

My hosting provider, if applicable, is: Internal DNS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

Are you sure you actually own abc.int domain? If I’m not mistaken, .int is supposed to be reserved for the international treaty-based organisations and it’s rather expensive. Also abc.int does not seem to be registered. Based on your mentioning “Internal DNS” as the hosting provider and saying “my BIND9 DNS server”, perhaps that’s just the domain name you came up with?


Hi @espressobeanies

this is the domain ( https://check-your-website.server-daten.de/?q=abc.int ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
abc.int Name Error yes 1 0
www.abc.int Name Error yes 1 0

And these are the nameservers:

Domain	Nameserver	NS-IP
	•  sns.dns.icann.org
	•  sns.dns.icann.org
	•  ns.uu.net / Verizon

That's not your domain.

You may use that domain name with your internal server. But I don't see that you are the public owner of that domain. So you can't get a certificate with that domain name.


I see, thank you both for the clarification!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.