I’m getting a “query timed out looking up A” when trying to renew a certificate with http validation that has been working just fine for about a year:
Indeed, there seems to be a DNSLookupFailed from let’s encrypt side:
And here I see DNSSEC LAME responses and a final SERVFAIL:
Finally, trying to debug this I see some problem with TCP connections to the nameserver:
However, TCP connections with the nameserver work fine from my side. So I’m not sure if there is some TCP blocking somewhere or any other problem. I’d appreciate any help with this.