My domain is: *.psiholog360.com, testare.psiholog360.com
I tried to renew certs, and for both I get DNS error, although DNS looks like it's working fine:
- wildcard: .psiholog360.com
Command: certbot -d '.psiholog360.com' --manual --preferred-challenges dns-01 certonly --server https://acme-v02.api.letsencrypt.org/directory
Response error:
Detail: DNS problem: query timed out looking up TXT for _acme-challenge.psiholog360.com
Unboundtest:
Query results for TXT _acme-challenge.psiholog360.com
Response:
;; opcode: QUERY, status: NOERROR, id: 26717
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;_acme-challenge.psiholog360.com. IN TXT
;; ANSWER SECTION:
_acme-challenge.psiholog360.com. 0 IN TXT "SwunY0ZHo2ZdOPG4ZV3N5Vk4UCp8qzCSLeWUo5XaEqc"
Letsdebug output:
DNS problem: SERVFAIL looking up TXT for _acme-challenge.psiholog360.com - the domain's nameservers may be malfunctioning
Challenge update failures for *.psiholog360.com in order https://acme-staging-v02.api.letsencrypt.org/acme/order/5751349/131044458
acme: error code 400 "urn:ietf:params:acme:error:dns": DNS problem: SERVFAIL looking up TXT for _acme-challenge.psiholog360.com - the domain's nameservers may be malfunctioning
- subdomain: testare.psiholog360.com
command: certbot renew --dry-run
Result: Detail: DNS problem: SERVFAIL looking up A for testare.psiholog360.com - the domain's nameservers may be malfunctioning
Unbound:
Query results for A testare.psiholog360.com
Response:
;; opcode: QUERY, status: NOERROR, id: 51845
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;testare.psiholog360.com. IN A
;; ANSWER SECTION:
testare.psiholog360.com. 0 IN A 3.123.98.175
Letsdebug output:
HTTPCheck
DEBUG
Requests made to the domain
Request to: testare.psiholog360.com/3.123.98.175, Result: [Address=3.123.98.175,Address Type=IPv4,Server=Apache,HTTP Status=302,Number of Redirects=1,Final HTTP Status=302], Issue: BadRedirect
Trace:
@0ms: Making a request to http://testare.psiholog360.com/.well-known/acme-challenge/letsdebug-test (using initial IP 3.123.98.175)
@0ms: Dialing 3.123.98.175
@174ms: Server response: HTTP 302 Found
@174ms: Received redirect to https://testare.psiholog360.com.well-known/acme-challenge/letsdebug-test
DEBUG
A and AAAA records found for this domain
testare.psiholog360.com. 0 IN A 3.123.98.175
InternalProblem
DEBUG
An internal error occurred while checking the domain
Failed to query certwatch database to check rate limits: pq: canceling statement due to user request
LetsEncryptStaging
DEBUG
Challenge update failures for testare.psiholog360.com in order https://acme-staging-v02.api.letsencrypt.org/acme/order/5751349/131174908
acme: error code 400 "urn:ietf:params:acme:error:dns": DNS problem: query timed out looking up A for testare.psiholog360.com
Renewal used to work fine before with the same settings, not sure what generates these errors now...
I'm aware of the redirect problem with testare subdomain, but the DNS error seems unrelated. I also tried to generate a new cert for a test subdomain (with http, not dns), but got the same error.
Any idea how to solve this? Thanks.