Media Temple: DNS timing out getting A record

Do you understand how DNS works? How to make it truly redundant/resillient?
You mention hosting and DNS in the same breath.
You do realize that they aren't mutually inclusive.
There are hosting service providers.
There are DNS service providers.
Some do both.
Some do things better than others.
The point is that you have options.
Maintaining the hosting you have (presumably) already paid for (in advance), you could easily still:

  • host your site at MediaTemple and serve your DNS elsewhere
  • host your site at MediaTemple and serve your DNS at MediaTemple AND elsewhere

IMHO, here are some reliable DSPs (some even offer FREE services):
CloudNS.net
1984.is
Cloudflare DNS

[note: There are plenty of other DNS service providers out there]

For comparison, here are independent reports that may better explain it:
DNS Spy report for pianisssimo.com
DNS Spy report for beer4.work

1 Like

I'm actually very happy that you reported this to us, David. :slightly_smiling_face:

I would really like to fully resolve this trend with Media Temple.

1 Like

Same issue here.

Error: Could not issue a Let's Encrypt SSL/TLS certificate for eaglesfootball.com . Authorization for the domain failed.
Details

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/15653275241.
Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: query timed out looking up A for eaglesfootball.com

1 Like

Please lean on mediatemple to work with LE to resolve this issue.

3 Likes

Creating support ticket as we speak!

3 Likes

It's certainly well more than a coincidence at this point. By all means, all of you struggling with Media Temple, please lean on them.

2 Likes

Here were some comments from a live chat with an MT tech.

To complete the verification in the meantime, you could try pointing the domains to external nameservers and setting up any verification records needed there, and then point the domain name back to the (mt) Media Temple nameservers once the certificates are created.

When testing eaglesfootball.com with mxtoolbox.com, it is able to get the DNS and NS information for the domain, so the nameservers are publicly accessible. Network Tools: DNS,IP,Email

If the domains are registered with GoDaddy, I would create the DNS zone files on their nameservers first and recreate the DNS records to point to the DV Server before the domain is pointed to their nameservers.

The error message from Plesk indicates that the Let's Encrypt servers are not able to pull the DNS information from our nameservers for some reason. It is possible due to an issue with the DNS resolvers used on the Let's Encrypt verification servers.

Based on the error message posted, and the results from mxtoolbox.com, it appears to be an issue in the Let's Encrypt system currently.

2 Likes

I'll relay to the LE staff.

1 Like

I hear: We are standing in the problem and can't see it.

Then they are likely not looking in the right place.
My money is in that they have recently changed or implemented new inline systems (like: an IPS) that may have control over inbound DNS connections. And are perhaps blocking, or mangling, some valid LE requests.

3 Likes

Got off the phone with MT. Here are some new things I'll be trying.

We don't cover support on Let's Encrypt SSL's unfortunately but we do provide a detailed guide on installation that will hopefully guide you through by successfully securing your sites with their services.

Install a Let's Encrypt SSL | Media Temple Community

This also seems to be pointing that it could be a temporary issue from within Let's Encrypt's Servers:

DNS query timed out - #11 by jpbe

Also googled about Plesk + Let's Encrypt and found the following:

I will also be trying simply temporarily re-creating my current DNS setting back at GoDaddy to simply get past the problem and move on with my life for the weekend.

2 Likes

That's an ancient thread. The sudden influx of threads now on the Community regarding MediaTemple suggests it's an issue at their end.

2 Likes

For sure. Just leaving breadcrumbs for everyone (myself included) as I try and figure out all options

2 Likes

I gave up caring for the moment and simply moved the DNS for the domains in question to GoDaddy where I had originally bought the domains. I'll play around on a non-important domain in the meantime and see if I can find a silver bullet.

1 Like

Got this from MT:

The issue you have reported has been identified by Media Temple as potentially being part of a wider problem affecting more than one customer. We will update you through this Support Request when there is additional information about this issue, or when it has been resolved. Thank you for your patience in this matter. We hope to provide a timely resolution to this situation.

Looks like they are finally on this.

5 Likes

Isn't that step #1 (admit you have a problem)?

Only eleven more steps to go!

2 Likes

Does the temple part come into play in steps 2 and 3?

2 Likes

Yes, MediaTemple is finally on it. I was just told, "Our engineers are still working on a resolution at this time. We do not have any more information at this time I am sorry to say. This is definitely high priority for our team I assure you."

2 Likes

:partying_face:

'bout time!

1 Like

I was able to get new certs yesterday. I believe they finally resolved the issue.

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.