Unable to issue new certs


I’m looking for some support since I’m running out of ideas.

My domain is: apia.ctmconsulting.it

I ran this command: certbot --authenticator standalone --installer apache --pre-hook “service apache2 stop” --post-hook “service apache2 start”

It produced this output:

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Running pre-hook command: service apache2 stop
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for apia.ctmconsulting.it
Waiting for verification…
Cleaning up challenges
Running post-hook command: service apache2 start
Failed authorization procedure. apia.ctmconsulting.it (http-01): urn:acme:error:dns :: DNS problem: query timed out looking up A for apia.ctmconsulting.it


  • The following errors were reported by the server:

    Domain: apia.ctmconsulting.it
    Type: None
    Detail: DNS problem: query timed out looking up A for

I have already checked DNSSEC and stuff like that, but for .it domains I cannot set DS records in my registrar.
What am I doing wrong?

Best regards,


Your two nameservers appear to have gone offline in the last few minutes, and their glue records too.

What are you running for your nameservers?

Edit: it seems like whatever you did solved your problem.

I’m having some issue with the nameserver, I’ll reply as soon as I have them online again.

Hi, the outrage should have been resolved.


That’s strange: I just have rebooted the nameserver, nothing more.
Why should that be connected?

I don’t know, and it seems like it’s broken again.

When you had only one nameserver delegated (, Let’s Encrypt seemed to be able to resolve the domain, but after you re-added the second one (, it seems like query timeouts and SERVFAILs are back. Or maybe the reboots were the only relevant factor.

A staff member may be able to check the server-side logs for you, when they become available.


anybody from the staff can help me?



Hi @aramilialon

apia.ctmconsulting.it has already a new Letsencrypt-certificate, created Tuesday, 2018-07-03, vaild 2018-10-01.

Looks ok.

Looks ok to me either. Now I’m trying to get a certificate for uhura.ctmconsulting.it and no way for the same reason.



This subdomain doesn't work.

This site can’t be reached
uhura.ctmconsulting.it refused to connect.

Points to without connection. is ok. Is there a firewall or something else?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.