I’m having trouble with a DNS name resolving to the wrong IP address and I’m wondering if it is because of Cert-Manager and Let’s Encrypt/ACME that I tried to use with my Azure Kubernetes Service.
I originally tried to use Cert-Manager and Let’s Encrypt for my AKS ingress so that it could be verified, but unfortunately it wasn’t working because of being a private DNSZone in Azure. I removed the Cert-Manager pods and setup, plus deleted the cluster to start over. However, when I look up markethound20-dev.com, using digwebinterface, it resolves to an IP address of 66.96.162.150. I used mxtoolbox.com and other things to find out that it is eigbox.net which is Endurance International Group, who is a domain provider.
I’m not seeing anything besides that with markethound20-dev.com as a name, so I’m wondering if something is stuck since I tried to use it with Cert-Manager.
Is there a way I can verify this? Is there a way I can delete the domain, account, or whatever else if it is true that it is stuck with ACME/Let’s Encrypt?
I’ve checked everywhere that I can for a DNS record that shows the 66.96.162.150 in Azure, but unfortunately it isn’t showing up anywhere. I also tore down the AKS clusters to make sure their DNS servers weren’t the problem, but still not able to resolve this issue.
There is a non-authoritative server out there that has the domain linked to that IP address, however. I can’t find where it is at. The only thing I could think of is that the Let’s Encrypt settings were still holding onto some record that it won’t get rid of.
I can’t verify the domain or do anything with it since the IP address is wrong. I tried using cert-manager again to see if it was something stuck with it, but instead I get an Unexpected response code ‘SERVFAIL’ for markethound20-dev.com.letsencrypt.vdeck.eigdyn.com, which Google indicates means that Let’s Encrypt is unable to process the certificate due to not being able to verify the domain.
I see the acme_challenge TXT record being created, but it won’t update the IP address to the one specified for the DNSZone.
markethound20-dev.com. 172800 IN NS ns1.domain.com.
markethound20-dev.com. 172800 IN NS ns2.domain.com.
Edit:
So the A record can probably be changed or removed in Domain.com’s control panel.
I’m unsure why Let’s Encrypt couldn’t resolve the _acme-challenge record set. It works for me.
_acme-challenge.markethound20-dev.com. 3600 IN CNAME markethound20-dev.com.letsencrypt.vdeck.eigdyn.com.
markethound20-dev.com.letsencrypt.vdeck.eigdyn.com. 1 IN TXT "chVxiPFesXwH65QL8crFgwSYv2DZxMpVvZVfM6vu3C8"
markethound20-dev.com.letsencrypt.vdeck.eigdyn.com. 1 IN TXT "TtqDot1wqX-8rebAyt-Itbr0ucUzS7KfTOjh0RMvBSI"
These are the repetitive messages I receive for the challenge record:
1 controller.go:206] challenges controller: syncing item ‘cert-manager/markethound20-cert-dev-959823159-0’
I0612 22:23:02.007207 1 dns.go:101] Checking DNS propagation for “markethound20-dev.com” using name servers: [10.0.0.10:53]
I0612 22:23:02.068279 1 wait.go:70] Updating FQDN: _acme-challenge.markethound20-dev.com. with it’s CNAME: markethound20-dev.com.letsencrypt.vdeck.eigdyn.com.
I0612 22:23:02.123128 1 sync.go:176] propagation check failed: Could not determine the zone for “markethound20-dev.com.letsencrypt.vdeck.eigdyn.com.”: Unexpected response code ‘SERVFAIL’ for markethound20-dev.com.letsencrypt.vdeck.eigdyn.com.
I’m going to see if I can talk to domain.com since I don’t have an account with them that I know of.
I’m working to see if I can get into the domain.com account for it to update the A record on their site. Thank you for the suggestions @mnordhoff and @JuergenAuer!! I appreciate all your help!
(Still not sure why you can validate the challenge record and I can’t though.)
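Added example, not part of any post in this thread: a small Python check over the dig-style records quoted above that reports which name servers the domain is delegated to and where the `_acme-challenge` name ends up after following its CNAME. The function names are hypothetical, the TXT values are replaced with constructed placeholders, and the expected-suffix list (Azure's public DNS name server domains) is an assumption about where the poster expected the zone to be hosted.

```python
import re

# Constructed input: the records quoted in the thread, TXT tokens replaced by placeholders.
RECORDS = """\
markethound20-dev.com. 172800 IN NS ns1.domain.com.
markethound20-dev.com. 172800 IN NS ns2.domain.com.
_acme-challenge.markethound20-dev.com. 3600 IN CNAME markethound20-dev.com.letsencrypt.vdeck.eigdyn.com.
markethound20-dev.com.letsencrypt.vdeck.eigdyn.com. 1 IN TXT "<token-1>"
markethound20-dev.com.letsencrypt.vdeck.eigdyn.com. 1 IN TXT "<token-2>"
"""
# Assumption: the zone was expected to be served by Azure public DNS name servers.
AZURE_NS_SUFFIXES = (".azure-dns.com.", ".azure-dns.net.", ".azure-dns.org.", ".azure-dns.info.")
RECORD_RE = re.compile(r'^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$')

def parse_records(text):
    """Parse dig answer lines into (owner, ttl, type, rdata) tuples."""
    out = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            name, ttl, rtype, rdata = m.groups()
            out.append((name.lower(), int(ttl), rtype.upper(), rdata.strip('"')))
    return out

def follow_cname(records, name, limit=8):
    """Return the chain of names visited from `name`; `limit` stops CNAME loops."""
    cnames = {n: d.lower() for n, _, t, d in records if t == "CNAME"}
    chain = [name.lower()]
    while chain[-1] in cnames and len(chain) <= limit:
        chain.append(cnames[chain[-1]])
    return chain

def check_dns01(records, zone, expected_ns_suffixes):
    """Summarise delegation and the effective DNS-01 challenge location for `zone`."""
    zone = zone.lower()
    ns = sorted(d.lower() for n, _, t, d in records if t == "NS" and n == zone)
    chain = follow_cname(records, "_acme-challenge." + zone)
    final = chain[-1]
    return {
        "nameservers": ns,
        "delegated_as_expected": bool(ns) and all(h.endswith(tuple(expected_ns_suffixes)) for h in ns),
        "challenge_chain": chain,
        "challenge_inside_zone": final.endswith("." + zone),
        "txt_values": [d for n, _, t, d in records if t == "TXT" and n == final],
    }

if __name__ == "__main__":
    print(check_dns01(parse_records(RECORDS), "markethound20-dev.com.", AZURE_NS_SUFFIXES))
```

On the quoted records this reports the delegation as `ns1.domain.com.` and `ns2.domain.com.` and the challenge name as ending under `eigdyn.com.`, outside the `markethound20-dev.com.` zone.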