Secondary Validation fails frequently

My domain is:
3pt-ops.com

I ran this command:

docker run --rm \
  -v /var/www/nginx/letsencrypt:/etc/letsencrypt \
  -v /var/www/nginx/certbot:/certbot \
  certbot/certbot certonly --webroot \
  -w /certbot \
  -d cartography.3pt-ops.com \
  -d www.3pt-ops.com \
  -d 3pt-ops.com \
  -m superheroes@3pt-ops.com \
  --agree-tos \
  --force-renewal

It produced this output:

Sat Aug 1 00:00:01 UTC 2020
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.3pt-ops.com
   Type:   dns
   Detail: During secondary validation: DNS problem: query timed out
   looking up A for www.3pt-ops.com

Tue Sep 1 00:00:01 UTC 2020
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.3pt-ops.com
   Type:   dns
   Detail: During secondary validation: DNS problem: networking error
   looking up A for www.3pt-ops.com

   Domain: 3pt-ops.com
   Type:   dns
   Detail: During secondary validation: DNS problem: query timed out
   looking up CAA for 3pt-ops.com

   Domain: cartography.3pt-ops.com
   Type:   dns
   Detail: During secondary validation: No valid IP addresses found
   for cartography.3pt-ops.com

Sun Nov 1 00:00:01 UTC 2020
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: 3pt-ops.com
   Type:   dns
   Detail: During secondary validation: No valid IP addresses found
   for 3pt-ops.com

   Domain: cartography.3pt-ops.com
   Type:   dns
   Detail: During secondary validation: No valid IP addresses found
   for cartography.3pt-ops.com

   Domain: www.3pt-ops.com
   Type:   dns
   Detail: During secondary validation: DNS problem: networking error
   looking up A for www.3pt-ops.com

The operating system my web server runs on is (include version):
Ubuntu 18.04.05

My hosting provider, if applicable, is:
Google Compute Engine

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

2 Likes
3 Likes

Funny how the really important fact is found above the IMPORTANT NOTES that follow.

Hawkeye _az!

2 Likes

Oh interesting - just too common of a time to be hitting you guys with renewals? I'll pick a random time then.

Thank you

4 Likes

You got it in one. :+1:

1 Like

Using a sleep delay with a random number is also a good way to offset the actual execution time.

2 Likes

Trying to renew at 0:00:00 or a few seconds before or after is the worst time to try renewals. Always pick random times and as @rg305 suggested, use a sleep delay. Taking a nap always makes you feel better. :slightly_smiling_face:

2 Likes
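One way to combine the two suggestions in this thread, a randomly chosen schedule plus a random sleep before the run, as an added example that is not code from any poster or from the certbot project. The script path `/usr/local/bin/renew-certs.sh`, the `MAX_JITTER` variable and the function names are assumptions, and it calls `certbot renew` instead of the original `certonly --force-renewal`.

```shell
#!/bin/sh
# Added example: jittered renewal wrapper (script path and names are assumptions).
MAX_JITTER="${MAX_JITTER:-3600}"   # upper bound of the random sleep, in seconds

# Print a stable "minute hour" pair derived from a seed such as the hostname.
# Minute is 1..59, never 0, so the job cannot land exactly on the hour.
cron_slot() {
    printf '%s' "$1" | cksum |
        awk '{ printf "%d %d\n", $1 % 59 + 1, int($1 / 59) % 24 }'
}

# Print a random integer in [0, $1) read from the kernel CSPRNG
# (POSIX sh has no $RANDOM; awk does the arithmetic to avoid 32-bit overflow).
jitter_seconds() {
    od -An -N4 -tu4 /dev/urandom | awk -v max="$1" '{ print $1 % max }'
}

# Print a crontab entry that runs script $2 twice a day at the slot for seed $1.
cron_line() {
    slot=$(cron_slot "$1")
    m=${slot% *}
    h=${slot#* }
    printf '%s %s,%s * * * %s run\n' "$m" "$h" "$(( (h + 12) % 24 ))" "$2"
}

case "${1:-}" in
    cron)   # show the line to install with `crontab -e`
        cron_line "$(hostname)" "${2:-/usr/local/bin/renew-certs.sh}" ;;
    run)    # what cron executes: random sleep, then a normal renewal pass
        sleep "$(jitter_seconds "$MAX_JITTER")"
        # `renew` reuses the webroot settings saved by the original certonly
        # run and only contacts the CA for certificates that are close to expiry.
        exec docker run --rm \
            -v /var/www/nginx/letsencrypt:/etc/letsencrypt \
            -v /var/www/nginx/certbot:/certbot \
            certbot/certbot renew ;;
esac
```

Run it once with `cron` to print the crontab entry for the host; cron then calls it with `run`.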