Renewing cert times out

My domain is:

I ran this command:
/bin/certbot -d certonly "*" -d --server --agree-tos -a dns-rfc2136 --dns-rfc2136-propagation-seconds 30 --keep-until-expiring --dns-rfc2136-credentials /etc/

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-rfc2136, Installer None
Starting new HTTPS connection (1):
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for
dns-01 challenge for

My web server is (include version): Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS Version 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

My cert expires in 10 days and I would like to get it fixed before then.
tail end of the letsencrypt log
2019-03-20 12:50:11,468:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/authz/XJVFcd_VZj4I54NTO9KWXZrYWF1PSJp-KjKMkPA6yuk HTTP/1.1" 200 419
2019-03-20 12:50:11,469:DEBUG:acme.client:Received response:
HTTP 200
content-length: 419
expires: Wed, 20 Mar 2019 19:50:11 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
pragma: no-cache
boulder-requester: 31894286
date: Wed, 20 Mar 2019 19:50:11 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: TYUrgMB9_PIPhxwkDZPXCAeF5xdtVozMXHs1vz1AhN8

"identifier": {
"type": "dns",
"value": "
"status": "pending",
"expires": "2019-03-27T15:50:59Z",
"challenges": [
"type": "dns-01",
"status": "pending",
"url": "",
"token": "gMwfyNmh7E6FUOokGR0tCjoxvYINyTJUvdALbx2pDT0"
"wildcard": true
2019-03-20 12:50:11,470:DEBUG:acme.client:Storing nonce: TYUrgMB9_PIPhxwkDZPXCAeF5xdtVozMXHs1vz1AhN8
2019-03-20 12:50:11,470:INFO:certbot.auth_handler:Performing the following challenges:
2019-03-20 12:50:11,471:INFO:certbot.auth_handler:dns-01 challenge for
2019-03-20 12:50:11,471:INFO:certbot.auth_handler:dns-01 challenge for

Where is the timeout message? Or does it sit on that final line indefinitely?

Could you share your credentials file (with the secret redacted)?

Can you perform a manual nsupdate from the same server where Certbot is installed, using those same credentials successfully?

It sat on the line forever.
Boy do I feel dumb.
I see why now: I moved the servers from in-house to the cloud and didn’t change the DNS server IP addresses.
Thanks for getting me to look in the credential files. I looked at them but didn’t see the IP until I pasted it here.

# Target DNS server
dns_rfc2136_server =
# TSIG key name
dns_rfc2136_name =
# TSIG key secret
dns_rfc2136_secret = Secret
# TSIG key algorithm
dns_rfc2136_algorithm = HMAC-SHA512

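The hang in this thread came from a stale `dns_rfc2136_server` address. The following is an added example, not part of any post and not Certbot's own code: a preflight check that parses the credentials file and makes one DNS-over-TCP round trip with a hard timeout, so a dead server address fails fast. The sample file contents, the function names and the 5 second timeout are assumptions; `dns_rfc2136_port` is the plugin's optional port setting.

```python
import socket
import struct
import sys

# Constructed sample credentials (192.0.2.1 is a documentation-only address).
SAMPLE = """\
# Target DNS server
dns_rfc2136_server = 192.0.2.1
# TSIG key name
dns_rfc2136_name = keyname.
# TSIG key secret
dns_rfc2136_secret = REDACTED
# TSIG key algorithm
dns_rfc2136_algorithm = HMAC-SHA512
"""

def parse_credentials(text):
    """Parse the 'key = value' lines of a dns-rfc2136 credentials file."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def check_dns_server(conf, timeout=5.0):
    """Return (ok, detail) after one bounded DNS-over-TCP round trip."""
    server = conf.get("dns_rfc2136_server", "")
    if not server:
        return False, "dns_rfc2136_server is empty"
    port = int(conf.get("dns_rfc2136_port", "53"))
    # Minimal DNS query: ID 0x1234, one question, SOA (type 6) for the root zone.
    query = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 0)
    query += b"\x00" + struct.pack("!HH", 6, 1)
    try:
        with socket.create_connection((server, port), timeout=timeout) as sock:
            sock.sendall(struct.pack("!H", len(query)) + query)
            reply = sock.recv(514)
    except OSError as exc:  # timeout, connection refused, no route to host
        return False, f"{server}:{port} unreachable: {exc}"
    # Bytes 0-1 are the TCP length prefix; then the echoed ID and the QR bit.
    if len(reply) >= 5 and reply[2:4] == b"\x12\x34" and reply[4] & 0x80:
        return True, f"{server}:{port} answered a DNS query"
    return False, f"{server}:{port} accepted TCP but sent no DNS reply"

if __name__ == "__main__":
    with open(sys.argv[1]) as fh:
        ok, detail = check_dns_server(parse_credentials(fh.read()))
    sys.exit(0 if ok else detail)
```

Run it with the credentials file path as the only argument before the renewal job; a non-zero exit means the configured server did not answer within the timeout.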
