Timeouts Looking Up CAA Records

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): cert-manager v1.13.0.

As of 2 days ago I am getting challenges failing

Status: Presented: false Processing: false Reason: Error accepting authorization: acme: authorization error for ...example.com: 400 urn:ietf:params:acme:error:dns: DNS problem: query timed out looking up CAA for ...example.com State: invalid

I can use unboundtest.com to look up the CAA of my domain, i.e. example.com, just fine, and it shows as "issue", which I believe will account for subdomains. Is there an issue with my CM setup, or something LE side?

It's going to be hard for people to give you much help without knowing the actual domain name. (The exact names you're trying to get a certificate for, in addition to the names you've placed any CAA records at.) In addition to unboundtest, I'd recommend DNSViz to help troubleshoot, but you need to go into advanced options to tell it specifically to look up CAA and show you the results.

I'd say it's about 90% chance something on your side, 1% chance something on LE's side, and 9% chance it's something in-between. I just completely made up all those numbers, though.

5 Likes

Fair enough :)

The domain is "ntnxdpro.com" and the sub-domains are {beta,corp,gamma}.p10y, so for example app.corp.p10y.ntnxdpro.com

Am seeing some DNSSEC issues on DNSViz...

Thanks for the help

1 Like

Yeah, ns3.ntnxdpro.com doesn't seem to be responding, and Unboundtest is timing out when trying to look up CAA for p10y.ntnxdpro.com. Definitely some DNS weirdness going on.

5 Likes

Yeah certainly looks that way, put the messages out to the folks around here who look after it.

Really appreciate the help.

2 Likes

nslookup -q=ns ntnxdpro.com ns3.ntnxdpro.com
;; communications error to 2600:1f14:cbd:3000:240e:2282:3264:7a67#53: permission denied
;; communications error to 34.209.2.169#53: host unreachable
;; no servers could be reached

dig +nssearch ntnxdpro.com
SOA ns1.ntnxdpro.com. hostmaster.ntnxdpro.com. 2023052483 7200 300 1209600 120 from server 192.146.154.105 in 72 ms.
SOA ns1.ntnxdpro.com. hostmaster.ntnxdpro.com. 2023052483 7200 300 1209600 120 from server 192.146.154.106 in 72 ms.
;; communications error to 34.209.2.169#53: host unreachable
;; communications error to 2600:1f14:cbd:3000:240e:2282:3264:7a67#53: permission denied

3 Likes
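
The two checks discussed in this thread, as an added example that is not from any of the posters: it sorts the `dig +nssearch` output quoted above into answering and failing nameservers, and walks the CAA lookup order (RFC 8659 tree climbing) to show why a timeout on an intermediate name fails validation even when the apex has a valid "issue" record. The `sample_lookup` resolver behaviour and the `ca.example` CAA value are constructed for illustration.

```python
import re

# Output of `dig +nssearch ntnxdpro.com`, copied from the thread above.
NSSEARCH = """\
SOA ns1.ntnxdpro.com. hostmaster.ntnxdpro.com. 2023052483 7200 300 1209600 120 from server 192.146.154.105 in 72 ms.
SOA ns1.ntnxdpro.com. hostmaster.ntnxdpro.com. 2023052483 7200 300 1209600 120 from server 192.146.154.106 in 72 ms.
;; communications error to 34.209.2.169#53: host unreachable
;; communications error to 2600:1f14:cbd:3000:240e:2282:3264:7a67#53: permission denied
"""
SOA_RE = re.compile(r"^SOA \S+ \S+ (\d+) .* from server (\S+) in \d+ ms\.$")
ERR_RE = re.compile(r"^;; communications error to (\S+)#\d+: (.+)$")

def summarize_nssearch(text):
    """Return ({server: SOA serial}, {server: error}) from dig +nssearch output."""
    answered, failed = {}, {}
    for line in text.splitlines():
        if m := SOA_RE.match(line):
            answered[m.group(2)] = int(m.group(1))
        elif m := ERR_RE.match(line):
            failed[m.group(1)] = m.group(2)
    return answered, failed

def caa_climb(fqdn):
    """Names checked for CAA, leaf first, per RFC 8659 tree climbing."""
    labels = fqdn.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def relevant_caa(fqdn, lookup):
    """Walk the climb; only an empty answer moves on to the parent name."""
    for name in caa_climb(fqdn):
        try:
            rrset = lookup(name)
        except TimeoutError:
            return name, "timeout"   # a failed lookup is not an empty answer
        if rrset:
            return name, rrset       # first non-empty RRset is the one used
    return None, []                  # no CAA record at any level

# Constructed resolver behaviour for illustration (not captured from the thread):
# the apex has a CAA record, but queries for p10y.ntnxdpro.com time out.
def sample_lookup(name):
    if name == "p10y.ntnxdpro.com":
        raise TimeoutError(name)
    return ['0 issue "ca.example"'] if name == "ntnxdpro.com" else []

if __name__ == "__main__":
    print(summarize_nssearch(NSSEARCH))
    print(relevant_caa("app.corp.p10y.ntnxdpro.com", sample_lookup))
```

To run the climb against live DNS, replace `sample_lookup` with a function that queries a resolver for the CAA record of each name and raises `TimeoutError` on a timeout.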
