Hello, I'm having problems with my renovations.
When I follow the problem report I see this:
https://acme-v02.api.letsencrypt.org/acme/chall-v3/8144997602/4faz3Q
"detail": "DNS problem: SERVFAIL looking up A for un3.dna.uba.ar - the domain's nameservers may be malfunctioning",
If I lookup the domain in the let's debug tool, I see another problem;
FATAL
A fatal issue occurred during the DNS lookup process for un3.dna.uba.ar/CAA.
DNS response for un3.dna.uba.ar/CAA did not have an acceptable response code: SERVFAIL
But when I lookup my domains they seem to work fine:
id 40522 opcode QUERY rcode NOERROR flags QR RD RA
;QUESTION
un3.dna.uba.ar. IN A
;ANSWER
un3.dna.uba.ar. 21599 IN A 168.96.248.12
;AUTHORITY
;ADDITIONAL
What am I missing? This worked fine for more than a year. It automatically renews so I'm not even sure when it started to fail.
Please help
Thanks
J
I included the standard report bellow:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: afrodita.dna.uba.ar / cloud.dna.uba.ar
I ran this command:
This is OpenBSD
acme-client -vv afrodita.dna.uba.ar
It produced this output:
afrodita:/root{21}# acme-client -vv afrodita.dna.uba.ar
acme-client: acme-client: acme-client: /etc/acme/letsencrypt-privkey.pem: loaded account key
/etc/ssl/private/afrodita.dna.uba.ar.key: loaded domain key/etc/ssl/afrodita.dna.uba.ar.fullchain.pem: certificate renewable: 9 days left
acme-client: https://acme-v02.api.letsencrypt.org/directory: directories
acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248
acme-client: transfer buffer: [{ "1rrC13s-3KA": "Adding random entries to the directory", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" }] (658 bytes)
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: transfer buffer: [{ "key": { "kty": "RSA", "n": "21oQK1EsYW9RG0ATgTL9LgOHYdf3ouHLPtNsCydkxAsE6EgKwM7lKrzBMh4nuf_HlwnvpgY2DJ_yHU0mmXW3OuR9JU7paqXd7MV_jbQt_M8zruA0gtXcGoydBOeC8UpqoWuEIg2PytK-CAluLrAvFGc941j1Rcr0BKlWlqbc4MyxjZ3tIs3eZ5JwHL2W0iBg6G2AL8AZSD5YpoE4EjnpSwXeJtS9tR0Z6__IraeBt20s5MmH8a_3UqGvhLjCBvxmt-uOpDBECOLm3oZzuZjp8E6YUtTfP2K5xzigOh-nPtCO4euymYro3VJaskxP9ics-lEV9UEhOOAWiCqsQ4pjWzrozpiIrM2w0XDwPcoymU4Wsry75yFU5PPpl2oEYsXzs1ZrEwqxc7_Fy9JdON-2mOnlyyeg0DB87tY4K-e-JjukgANMdap14IQPKCK6Oh3ueBGSZo3lkwIYAxmuHBAx-bjx0g7JI_SmZ83Db8ewWiuiLC0WCWpcIBuxd1A5J0l6mNHbRmIFKrxzS0om5C_cQ0pISBAgqh2GwwdNNEChLf3O49Bq3yjdRldeRJfbjqIrDnrvIQ5pUjazLvasuFtxRNxx7kXmwGnEhfnluT0ovZCoiuTTjBVOQsQDMls8yMMkmZkpmM7a7CbmCFKVCapnsb7kEcSnk7F6QQprN85Crt8", "e": "AQAB" }, "contact": , "initialIp": "168.96.248.12", "createdAt": "2017-05-25T00:10:02Z", "status": "valid" }] (857 bytes)
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: transfer buffer: [{ "status": "pending", "expires": "2020-11-02T02:53:31.79906508Z", "identifiers": [ { "type": "dns", "value": "afrodita.dna.uba.ar" }, { "type": "dns", "value": "un3.dna.uba.ar" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/8145018029", "https://acme-v02.api.letsencrypt.org/acme/authz-v3/8145018035" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/15506422/5875288778" }] (483 bytes)
acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8145018029
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: transfer buffer: [{ "identifier": { "type": "dns", "value": "afrodita.dna.uba.ar" }, "status": "pending", "expires": "2020-11-02T02:53:31Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/8145018029/zmCPrQ", "token": "ZqlJzId6cRP5TRe94VqOm4qrKMD7BIlKq6GRpU4s5lg" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/8145018029/Ww4OzA", "token": "ZqlJzId6cRP5TRe94VqOm4qrKMD7BIlKq6GRpU4s5lg" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/8145018029/ukPhtA", "token": "ZqlJzId6cRP5TRe94VqOm4qrKMD7BIlKq6GRpU4s5lg" } ] }] (797 bytes)
acme-client: challenge, token: ZqlJzId6cRP5TRe94VqOm4qrKMD7BIlKq6GRpU4s5lg, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/8145018029/zmCPrQ, status: 0
acme-client: /var/www/acme/ZqlJzId6cRP5TRe94VqOm4qrKMD7BIlKq6GRpU4s5lg: created
acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/8145018029/zmCPrQ: challenge
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: transfer buffer: [{ "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/8145018029/zmCPrQ", "token": "ZqlJzId6cRP5TRe94VqOm4qrKMD7BIlKq6GRpU4s5lg" }] (185 bytes)
acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8145018035
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: transfer buffer: [{ "identifier": { "type": "dns", "value": "un3.dna.uba.ar" }, "status": "pending", "expires": "2020-11-02T02:53:31Z", "challenges": [ { "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/8145018035/PN07ew", "token": "QdRYHz6IfJ_xjgdZ0U9HqtXq2R5abIxeYnvkhVUjPxA" }, { "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/8145018035/gUbV9w", "token": "QdRYHz6IfJ_xjgdZ0U9HqtXq2R5abIxeYnvkhVUjPxA" }, { "type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/8145018035/52PhxA", "token": "QdRYHz6IfJ_xjgdZ0U9HqtXq2R5abIxeYnvkhVUjPxA" } ] }] (792 bytes)
acme-client: challenge, token: QdRYHz6IfJ_xjgdZ0U9HqtXq2R5abIxeYnvkhVUjPxA, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/8145018035/PN07ew, status: 0
acme-client: /var/www/acme/QdRYHz6IfJ_xjgdZ0U9HqtXq2R5abIxeYnvkhVUjPxA: created
acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/8145018035/PN07ew: challenge
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: acme-v02.api.letsencrypt.org: cached
34.211.6.84 - - [25/Oct/2020:23:53:37 -0300] "GET /.well-known/acme-challenge/ZqlJzId6cRP5TRe94VqOm4qrKMD7BIlKq6GRpU4s5lg HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: transfer buffer: [{ "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/8145018035/PN07ew", "token": "QdRYHz6IfJ_xjgdZ0U9HqtXq2R5abIxeYnvkhVUjPxA" }] (185 bytes)
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: acme-v02.api.letsencrypt.org: cached
3.128.26.105 - - [25/Oct/2020:23:53:39 -0300] "GET /.well-known/acme-challenge/QdRYHz6IfJ_xjgdZ0U9HqtXq2R5abIxeYnvkhVUjPxA HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: transfer buffer: [{ "status": "invalid", "expires": "2020-11-02T02:53:31Z", "identifiers": [ { "type": "dns", "value": "afrodita.dna.uba.ar" }, { "type": "dns", "value": "un3.dna.uba.ar" } ], "authorizations": [ "https://acme-v02.api.letsencrypt.org/acme/authz-v3/8145018029", "https://acme-v02.api.letsencrypt.org/acme/authz-v3/8145018035" ], "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/15506422/5875288778" }] (474 bytes)
acme-client: order.status -1
acme-client: bad exit: netproc(33373): 1
My web server is (include version):
apache 2.4.39
The operating system my web server runs on is (include version):
OpenBSD
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
OpenBSDs' 6.8 acme-client