It produced this output:
Failed authorization procedure. admin.boone.hpisd.org (http-01): urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem: SERVFAIL looking up A for admin.boone.hpisd.org - the domain's nameservers may be malfunctioning, boone.hpisd.org (http-01): urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem: SERVFAIL looking up A for boone.hpisd.org - the domain's nameservers may be malfunctioning
Note that the letsdebug.net output for these domains passes validation 100% of the time after repeated checks:
Simply removing the --staging toggle and hitting the LE production environment solves the issue; it appears to only occur in staging.
I wonder if this is a regression related to this previously closed topic:
These are worldnic.com hostnames. Earlier this year, network issues were resolved between LE and worldnic.com nameservers which were preventing us and other large hosting providers from generating certs for large numbers of customers (hundreds of domains in our case).
Could it be that whatever solution you reached resolved the issue only in your production environment, while worldnic.com continues to block your staging environment (or rate-limit it, or w/e the original issue was)?
@lancedolan, thank you for this report! I believe our diverse-perspective resolver addresses may have rotated. I have opened communication with worldnic and will update this thread as I get information.