Unable to issue new certs

aramilialon · July 3, 2018, 9:13am

Hi!

I’m looking for some support since I’m running out of ideas.

My domain is: apia.ctmconsulting.it

I ran this command: certbot --authenticator standalone --installer apache --pre-hook “service apache2 stop” --post-hook “service apache2 start”

It produced this output:

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Running pre-hook command: service apache2 stop
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for apia.ctmconsulting.it
Waiting for verification…
Cleaning up challenges
Running post-hook command: service apache2 start
Failed authorization procedure. apia.ctmconsulting.it (http-01): urn:acme:error:dns :: DNS problem: query timed out looking up A for apia.ctmconsulting.it

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: apia.ctmconsulting.it
Type: None
Detail: DNS problem: query timed out looking up A for
apia.ctmconsulting.it

I have already checked DNSSEC and stuff like that, but for .it domains I cannot set DS records in my registrar.
What am I doing wrong?

Best regards,

Giorgio

_az · July 3, 2018, 9:49am

Your two nameservers appear to have gone offline in the last few minutes, and their glue records too.

What are you running for your nameservers?

Edit: it seems like whatever you did solved your problem.

aramilialon · July 3, 2018, 10:04am

I’m having some issue with the nameserver, I’ll reply as soon as I have them online again.

aramilialon · July 3, 2018, 11:22am

Hi, the outrage should have been resolved.
BR,

Giorgio

aramilialon · July 3, 2018, 12:16pm

That’s strange: I just have rebooted the nameserver, nothing more.
Why should that be connected?

_az · July 3, 2018, 12:25pm

I don’t know, and it seems like it’s broken again.

When you had only one nameserver delegated (5.9.189.242), Let’s Encrypt seemed to be able to resolve the domain, but after you re-added the second one (5.9.189.243), it seems like query timeouts and SERVFAILs are back. Or maybe the reboots were the only relevant factor.

A staff member may be able to check the server-side logs for you, when they become available.

aramilialon · July 6, 2018, 9:18am

Hi,

anybody from the staff can help me?

BR,

Giorgio

JuergenAuer · July 6, 2018, 10:32am

Hi @aramilialon

apia.ctmconsulting.it has already a new Letsencrypt-certificate, created Tuesday, 2018-07-03, vaild 2018-10-01.

Looks ok.

aramilialon · July 6, 2018, 10:44am

Hi,
Looks ok to me either. Now I’m trying to get a certificate for uhura.ctmconsulting.it and no way for the same reason.

Br,

Giorgio

JuergenAuer · July 6, 2018, 10:55am

This subdomain doesn't work.

This site can’t be reached
uhura.ctmconsulting.it refused to connect.

Points to 5.9.189.243 without connection. http://5.9.189.242/ is ok. Is there a firewall or something else?

system · August 5, 2018, 10:55am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.