WHM and Plesk Let's Encrypt problem

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mscollege.edu.ye

I ran this command:
I try to run AutoSSL from WHM cPanel
It produced this output:
“Let’s Encrypt™” HTTP DCV error (www.mscollege.edu.ye): 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: query timed out looking up A for www.mscollege.edu.ye; DNS problem: query timed out looking up AAAA for www.mscollege.edu.ye)
“Let’s Encrypt™” HTTP DCV error (mscollege.edu.ye): 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: query timed out looking up A for mscollege.edu.ye; DNS problem: query timed out looking up AAAA for mscollege.edu.ye)
My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: AlmaLinux with WHM

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

This means the Let's Encrypt server did not get a reply from your DNS servers. That is, the request "timed out" before it got a reply.

Your DNS system has a number of performance problems. See the Errors section from this test site: mscollege.edu.ye | DNSViz

You should work with your DNS provider to resolve those problems. Once your DNS system works better you should be able to get a Let's Encrypt certificate.

I was able to reproduce this problem using other tools. Your problem is not just affecting Let's Encrypt. The DNSViz site errors are a good place to start.

4 Likes

Thank you for the quick response. Could you please provide the domain names or IP addresses used by Let’s Encrypt so we can allow them to access our DNS servers?

Let's Encrypt does not publish the IP addresses used by its validation servers. See this FAQ: FAQ - Let's Encrypt

Note there are currently 5 of these centers which rotate their IP addresses regularly.

You may also find this helpful: Multi-Perspective Validation & Geoblocking FAQ

It looks like you might be blocking repeated requests from the same IP or origin. I say this because another tool we use succeeds on its first try but fails with a "timeout" for a second try. Another try will succeed and the one after that fails. This pattern repeats. Use https://unboundtest.com and query for an A record for your domain. Repeat that test.

Note that unboundtest is not coming from an LE validation center. It is only a testing tool.

I think you will need to relax your firewall to allow more repeated requests. Even if you were to try using a different Certificate Authority it will also need to make similar requests to your DNS server.

3 Likes
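The repeat-query test described in the last reply, as an added example that is not part of the original thread: it sends the same A and AAAA query several times in a row from one host directly to an authoritative nameserver and reports which tries were answered. The function names and the command-line arguments (the nameserver's IPv4 address and the name to look up) are assumptions for illustration.

```python
import socket, struct, sys

def build_query(name, qtype=1, qid=0x1234):
    """Encode a minimal DNS query (RFC 1035). qtype 1 = A, 28 = AAAA."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)  # flags 0: no recursion wanted
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def probe(server, name, qtype=1, tries=6, timeout=3.0, port=53):
    """Send identical queries back to back from this host; one result string per try."""
    results = []
    for i in range(tries):
        qid = 0x1000 + i
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:  # IPv4 server assumed
            s.settimeout(timeout)
            try:
                s.sendto(build_query(name, qtype, qid), (server, port))
                data, _ = s.recvfrom(4096)
                results.append("ok" if data[:2] == struct.pack("!H", qid) else "bad-id")
            except socket.timeout:
                results.append("timeout")
            except OSError:
                results.append("error")
    return results

def diagnose(results):
    """Classify a run: steady answers, no answers, or drops mixed in with answers."""
    lost = sum(r != "ok" for r in results)
    if lost == 0:
        return "healthy"
    if lost == len(results):
        return "unreachable"
    # Answers and drops from the same server to the same source: the
    # succeed/timeout pattern described in the thread.
    return "intermittent"

if __name__ == "__main__":
    # Usage: python3 dnsprobe.py <authoritative-nameserver-IPv4> <name>
    server, name = sys.argv[1], sys.argv[2]
    for qtype, label in ((1, "A"), (28, "AAAA")):
        run = probe(server, name, qtype)
        print(label, run, "->", diagnose(run))
```

Run it against each authoritative nameserver in turn; an "intermittent" result on back-to-back queries that goes away when the queries are spaced out points at a per-source limit on the DNS server or firewall.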