Renew Certificate GCP DNS errors

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hxxps://parallel.testassure[.]com/developer

I ran this command:1. kubectl describe letsencrypt-tls -n parallel
2. kubectl describe -n parallel

It produced this output:
1.The certificate request has failed to complete and will be retried: Failed to wait for order resource "" to become ready: order is in "invalid" state:
2.Error accepting authorization: acme: authorization error for 400 urn:ietf:params:acme:error:dns: During secondary validation: DNS problem: query timed out looking up TXT for
Error accepting challenge: 400 urn:ietf:params:acme:error:malformed: Unable to update challenge :: authorization must be pending

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: GCP nginx, letsencrypt

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

This is the URI-
Found that the process had been failing for a bit now and cant renew the certificate.
Looking for some assistance on what is failing. I have gone through the other post and didnt find a solution or anything specific to my issue.

Had to delete the certificate request and renew again since the challenges and order are never updated after the first try. Definitely a gap that needs to be addressed as i shouldnt have to delete a request for this to go through.
For those looking for assistance check your orders and challenges if they failed there check for DNS issues and update where needed if on your side. Otherwise if the order or challenges are in a invalid or failed state, they are likely going to stay that way. To fix this you need to delete the certificate request, and either renew the certificate or wait for the certificate request to renew on its own.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.