Secondary validation has been failing for almost a week now

We changed nothing on our side.
It's been failing with all kinds of errors.

Verify error:During secondary validation: DNS problem: networking error looking up A for
Verify error:During secondary validation: No valid IP addresses found for
Verify error:During secondary validation: DNS problem: query timed out looking up CAA

Hi @holobolo0815

your domain name is required if you want help.

Secondary validation fails -> you may block some ip addresses.


I should have said that our scripted renewal at 03:01AM (CEST = UTC+0100) failed for the last 8 days.

Our ISP is doing DNS for us. They are not blocking anything.

I've ran the validation right now manually with success.

We have now moved our schedule from 03:01AM to some other time.

It's better to include a randomized delay for renewals. If everybody keeps renewing at xx:00 or yy:01, the peak in load on the Let's Encrypt servers could lead to such things.

Please include a randomized delay between 5 and 55 minutes for the renewal cronjob. (I think it's better to randomize from 5 minutes, as unfortunately most people probably don't include such a delay at all, so it's best to not use the minutes around the whole hour mark at all.)

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.