Unable to issue new certs


#1

Hi!

I’m looking for some support since I’m running out of ideas.

My domain is: apia.ctmconsulting.it

I ran this command: certbot --authenticator standalone --installer apache --pre-hook “service apache2 stop” --post-hook “service apache2 start”

It produced this output:

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Running pre-hook command: service apache2 stop
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for apia.ctmconsulting.it
Waiting for verification…
Cleaning up challenges
Running post-hook command: service apache2 start
Failed authorization procedure. apia.ctmconsulting.it (http-01): urn:acme:error:dns :: DNS problem: query timed out looking up A for apia.ctmconsulting.it

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: apia.ctmconsulting.it
    Type: None
    Detail: DNS problem: query timed out looking up A for
    apia.ctmconsulting.it

I have already checked DNSSEC and stuff like that, but for .it domains I cannot set DS records in my registrar.
What am I doing wrong?

Best regards,

Giorgio


#2

Your two nameservers appear to have gone offline in the last few minutes, and their glue records too.

What are you running for your nameservers?

Edit: it seems like whatever you did solved your problem.


#3

I’m having some issue with the nameserver, I’ll reply as soon as I have them online again.


#4

Hi, the outrage should have been resolved.
BR,

Giorgio


#5

That’s strange: I just have rebooted the nameserver, nothing more.
Why should that be connected?


#6

I don’t know, and it seems like it’s broken again.

When you had only one nameserver delegated (5.9.189.242), Let’s Encrypt seemed to be able to resolve the domain, but after you re-added the second one (5.9.189.243), it seems like query timeouts and SERVFAILs are back. Or maybe the reboots were the only relevant factor.

A staff member may be able to check the server-side logs for you, when they become available.


#7

Hi,

anybody from the staff can help me?

BR,

Giorgio


#8

Hi @aramilialon

apia.ctmconsulting.it has already a new Letsencrypt-certificate, created Tuesday, 2018-07-03, vaild 2018-10-01.

Looks ok.


#9

Hi,
Looks ok to me either. Now I’m trying to get a certificate for uhura.ctmconsulting.it and no way for the same reason.

Br,

Giorgio


#10

This subdomain doesn’t work.

This site can’t be reached
uhura.ctmconsulting.it refused to connect.

Points to 5.9.189.243 without connection. http://5.9.189.242/ is ok. Is there a firewall or something else?


#11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.