LetsEncrypt Failing

youds

Hi,

I run DirectAdmin on 2 servers and on both I'm unable to update LetsEncrypt. I'm wondering whether it is because of my DNS configuration, but I can't be sure. The domain youds.com is failing on reissuing; log below.

Found wildcard domain name and http challenge type, switching to dns-01 validation.
2024/10/28 02:26:41 [INFO] [*.youds.com, youds.com] acme: Obtaining SAN certificate
2024/10/28 02:26:42 [INFO] [*.youds.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/422155349237
2024/10/28 02:26:42 [INFO] [youds.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/422155349247
2024/10/28 02:26:42 [INFO] [*.youds.com] acme: use dns-01 solver
2024/10/28 02:26:42 [INFO] [youds.com] acme: Could not find solver for: tls-alpn-01
2024/10/28 02:26:42 [INFO] [youds.com] acme: Could not find solver for: http-01
2024/10/28 02:26:42 [INFO] [youds.com] acme: use dns-01 solver
2024/10/28 02:26:42 [INFO] [*.youds.com] acme: Preparing to solve DNS-01
2024/10/28 02:27:13 2024/10/28 02:26:42 info executing task task=action=dns&do=delete&domain=youds.com&name=_acme-challenge&type=TXT
2024/10/28 02:26:58 info finished task duration=15.167214244s task=action=dns&do=delete&domain=youds.com&name=_acme-challenge&type=TXT
2024/10/28 02:26:58 info executing task task=action=dns&do=add&domain=youds.com&name=_acme-challenge&named_reload=yes&ttl=5&type=TXT&value=%22RN_7_T08l_CElzcm-5ZYii9BfTz3n3h7vnQol80Ulfk%22
2024/10/28 02:27:13 info finished task duration=15.348148308s task=action=dns&do=add&domain=youds.com&name=_acme-challenge&named_reload=yes&ttl=5&type=TXT&value=%22RN_7_T08l_CElzcm-5ZYii9BfTz3n3h7vnQol80Ulfk%22

2024/10/28 02:27:13 [INFO] [*.youds.com] acme: Trying to solve DNS-01
2024/10/28 02:27:13 [INFO] [*.youds.com] acme: Checking DNS record propagation using [8.8.8.8:53]
2024/10/28 02:27:43 [INFO] Wait for propagation [timeout: 5m0s, interval: 30s]
2024/10/28 02:27:43 [INFO] [*.youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:28:13 [INFO] [*.youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:28:43 [INFO] [*.youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:29:13 [INFO] [*.youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:29:43 [INFO] [*.youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:30:13 [INFO] [*.youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:30:44 [INFO] [*.youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:31:14 [INFO] [*.youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:31:44 [INFO] [*.youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:32:14 [INFO] [*.youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:32:44 [INFO] [*.youds.com] acme: Cleaning DNS-01 challenge
2024/10/28 02:32:59 2024/10/28 02:32:44 info executing task task=action=dns&do=delete&domain=youds.com&name=_acme-challenge&type=TXT
2024/10/28 02:32:59 info finished task duration=15.163027594s task=action=dns&do=delete&domain=youds.com&name=_acme-challenge&type=TXT

2024/10/28 02:32:59 [INFO] [youds.com] acme: Preparing to solve DNS-01
2024/10/28 02:33:30 2024/10/28 02:32:59 info executing task task=action=dns&do=delete&domain=youds.com&name=_acme-challenge&type=TXT
2024/10/28 02:33:14 info finished task duration=15.217643306s task=action=dns&do=delete&domain=youds.com&name=_acme-challenge&type=TXT
2024/10/28 02:33:14 info executing task task=action=dns&do=add&domain=youds.com&name=_acme-challenge&named_reload=yes&ttl=5&type=TXT&value=%22cm0d-Jl0fNrc6LcOebh1e7ugcaYjp1TIt_l9hBCk5Kc%22
2024/10/28 02:33:30 info finished task duration=15.349151926s task=action=dns&do=add&domain=youds.com&name=_acme-challenge&named_reload=yes&ttl=5&type=TXT&value=%22cm0d-Jl0fNrc6LcOebh1e7ugcaYjp1TIt_l9hBCk5Kc%22

2024/10/28 02:33:30 [INFO] [youds.com] acme: Trying to solve DNS-01
2024/10/28 02:33:30 [INFO] [youds.com] acme: Checking DNS record propagation using [8.8.8.8:53]
2024/10/28 02:34:00 [INFO] Wait for propagation [timeout: 5m0s, interval: 30s]
2024/10/28 02:34:00 [INFO] [youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:34:30 [INFO] [youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:35:00 [INFO] [youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:35:30 [INFO] [youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:36:00 [INFO] [youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:36:30 [INFO] [youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:37:00 [INFO] [youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:37:30 [INFO] [youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:38:00 [INFO] [youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:38:30 [INFO] [youds.com] acme: Waiting for DNS record propagation.
2024/10/28 02:39:00 [INFO] [youds.com] acme: Cleaning DNS-01 challenge
2024/10/28 02:39:16 2024/10/28 02:39:00 info executing task task=action=dns&do=delete&domain=youds.com&name=_acme-challenge&type=TXT
2024/10/28 02:39:16 info finished task duration=15.187217113s task=action=dns&do=delete&domain=youds.com&name=_acme-challenge&type=TXT

2024/10/28 02:39:16 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/422155349237
2024/10/28 02:39:16 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/422155349247
2024/10/28 02:39:16 Could not obtain certificates:
error: one or more domains had a problem:
[*.youds.com] propagation: time limit exceeded: last error: NS ns2.gethosted.online. returned NXDOMAIN for _acme-challenge.youds.com.
[youds.com] propagation: time limit exceeded: last error: NS ns2.gethosted.online. returned NXDOMAIN for _acme-challenge.youds.com.
Failed to issue new certificate


Any ideas?
 
Looks like the DNS challenge never gets into the zone as presented by ns1/2.gethosted.online. Is your DA server the (hidden) master for these name servers? I'd check that they get the zone update (should be visible on zone transfer log maybe) with the _acme-challenge record.
 
It is, yes; they both share the DNS serving via multi server. I’ll check to see if it gets added to the zone.
 
Hopefully this helps someone (probably me in a few years..):
My Multi Server Setup was using an old IP address, hence the error.

Thanks :)
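
Added example, not part of any post in this thread: a shell check for the failure seen above, where a name server answers NXDOMAIN for _acme-challenge because it never received the zone update. It asks each authoritative NS directly and compares its SOA serial and challenge TXT with a reference server; it assumes `dig` is installed, and the function names and the reference-server argument (default 127.0.0.1, i.e. run on the DirectAdmin box) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh check_ns.sh ZONE [REFERENCE_SERVER]
# REFERENCE_SERVER is an assumption: the server where the panel writes the zone
# (defaults to 127.0.0.1, i.e. run this on the DirectAdmin box itself).

q() {  # q SERVER NAME TYPE -> short answer from that server only, no recursion
    dig +short +norecurse +time=3 +tries=1 "@$1" "$2" "$3"
}

serial_of() {  # the SOA serial is the third field of the +short SOA answer
    q "$1" "$2" SOA | awk 'NR == 1 { print $3 }'
}

has_txt() {  # succeeds when SERVER serves any TXT at _acme-challenge.ZONE
    [ -n "$(q "$1" "_acme-challenge.$2" TXT)" ]
}

# Prints one line per authoritative NS; returns 1 if any NS lags the reference.
check_zone() {
    zone=$1
    ref=${2:-127.0.0.1}
    ref_serial=$(serial_of "$ref" "$zone")
    rc=0
    echo "reference $ref serial=${ref_serial:-none}"
    for ns in $(dig +short NS "$zone"); do
        serial=$(serial_of "$ns" "$zone")
        state=in-sync
        if [ "$serial" != "$ref_serial" ]; then
            state=STALE-SERIAL      # this NS never received the latest zone
            rc=1
        elif has_txt "$ref" "$zone" && ! has_txt "$ns" "$zone"; then
            state=MISSING-TXT       # same serial, but the challenge record is absent
            rc=1
        fi
        echo "$ns serial=${serial:-none} $state"
    done
    return $rc
}

if [ "$#" -ge 1 ]; then
    check_zone "$@"
fi
```

The serial comparison works at any time; the TXT comparison only means something while a challenge is in progress, because the log shows the record being deleted again at cleanup.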
 