Not validate chalenge dns ttx

korrel · April 30, 2020, 8:02am

My domain is:
ast.docflow.bpm.unitybase.info

I ran this command:
manual from https://www.sslforfree.com

It produced this output:
Domain “ast.docflow.bpm.unitybase.info” challenge3 failed. Response from “https://acme-v02.api.letsencrypt.org/acme/chall-v3/4269228387/aAt4nA” was:

Warning: Your verification URL is not returning the correct contents to our verification servers. The URL looks like it is blocking bots and which inadvertently blocks our servers from receiving the correct content. Contact your host, a professional developer or admin for further help with fixing it.

Error: DNS problem: SERVFAIL looking up TXT for _acme-challenge.ast.docflow.bpm.unitybase.info - the domain’s nameservers may be malfunctioning

Full Error: { “type”: “dns-01”, “status”: “invalid”, “error”: { “type”: “urn:ietf:params:acme:error:dns”, “detail”: “DNS problem: SERVFAIL looking up TXT for _acme-challenge.ast.docflow.bpm.unitybase.info - the domain’s nameservers may be malfunctioning”, “status”: 400 }, “url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/4269228387/aAt4nA”, “token”: “-f4PFRFXQZmiTUKJTayDVyWVkJtG1wU8xH_LMPLoHh8” }

vireify from site:
https://www.sslforfree.com/create?dns_txt_verify=_acme-challenge.ast.docflow.bpm.unitybase.info
OK
and check from https://mxtoolbox.com/:
TXT _acme-challenge.ast.docflow.bpm.unitybase.info 1 sec tlFTUesKx6qE0IxBJ6ywj2L7vVDPpL3E_5hgMcVMUAE
OK

What my problem?

stevenzhu · April 30, 2020, 10:28am

Just like the error message suggests, your nameserver might not working properly. In this case, tests indicate it’s having timeout issue. https://letsdebug.net/ast.docflow.bpm.unitybase.info/129012
There were another test 2 hours ago with same result (NS timeout).
There might be some issue with your name server, e.g. not replying from certain IP unable to connect etc.

korrel · April 30, 2020, 2:39pm

maybe our domain zone unitybase.info banned?

stevenzhu · April 30, 2020, 5:48pm

Nope. If it’s forbid issuance, there’s a different message for that.

jple · April 30, 2020, 6:40pm

I believe this may be the same issue: During secondary validation: DNS problem: query timed out looking up A

@korrel has it resolved for you?

Best,
JP

korrel · May 2, 2020, 6:39pm

thnks all,
Our provider blocked letsencrypt ips, so many request for chalenge certs, (like ddos)
Now ips revert to work and certs were are recive

system · June 1, 2020, 6:39pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.