Please fill out the fields below so we can help you better.
My domain is: estada.ch
I ran this command: certbot certonly --webroot -w /srv/letsencrypt_confirmation -d estada.ch -d www.estada.ch
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: http-01 challenge for estada.ch http-01 challenge for www.estada.ch Using the webroot path /srv/letsencrypt_confirmation for all unmatched domains. Waiting for verification... Cleaning up challenges Failed authorization procedure. estada.ch (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up A for estada.ch, www.estada.ch (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up A for www.estada.ch IMPORTANT NOTES: - The following errors were reported by the server: Domain: estada.ch Type: connection Detail: DNS problem: query timed out looking up A for estada.ch Domain: www.estada.ch Type: connection Detail: DNS problem: query timed out looking up A for www.estada.ch To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
My web server is (include version):
installed with apt
The operating system my web server runs on is (include version):
Debian 8 with all patches
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
yes and a month ago I was able to request a certificate for https://data.estada.ch
I suspect your verification service relies on googles public DNS resolver since they refuse to resolve to my zone and the error states the same.
If not, can you flush your DNS cache? Or do you have any hints?