DNS challenge fails

Hello,

I set up my DNS server as the master DNS and the DNS server from my hoster as the slave DNS.

This works, but since I made this change I can’t get a verification from Let’s Encrypt.
I got this message:

Can anyone help me?

 - The following errors were reported by the server:

   Domain: suche.dasnetzundich.de
   Type:   connection
   Detail: Fetching
   http://suche.dasnetzundich.de/.well-known/acme-challenge/bQdsX-hDS7zQxoTArC-WpTETJmcv7FpoujXlMndWwPM:
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

@esmuellert,

Just because one provider can resolve your DNS does not mean that Let’s Encrypt’s servers are using the same data. That is, when I update DNS, because I use Google’s resolvers the changes are reflected within minutes, though clients who use their ISP’s nameservers may have to wait up to 24 hours because the records are cached on their end a bit longer.

So while checking with a third party to verify your DNS is correctly set up is good for that, if you recently set up your domain and haven’t let at least 24 hours roll by, and are further experiencing the issue you noted, please be patient and try again in a few hours minimum, as the issue will likely resolve itself once the servers LE is polling reflect the changes.

Best Regards,
Peter Knowles | TPN Solutions

Professional, Affordable IT Support - https://tpnassist.com


Thanks for your good information. Yesterday I switched to this setup with the slave zone.

Edit: 24 hours later, the same problem. But all websites are reachable. The HTTP-01 and DNS challenges both fail.

I learned that lesson the hard way a few years ago. Ionos DNS moves at the speed of smell. It took 36 hours to effect a change once. I’ve never used them since.

Do you use the DNS server from the domain provider?

Isn’t it AAAA, IPv6?

Did. Past tense. Years ago. Hence the phrase: I learned my lesson.


Sure, but IPv6 resolves correctly to my server, though port 80 redirects to 443.

Does Let’s Encrypt support IPv6 yet?

I don’t know. But the question is why Let’s Encrypt/certbot tries it over IPv6.

Maybe I found an error:

Fatal: Inconsistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone.: oxygen.ns.hetzner.com (2a01:4f8:0:1::add:2992): Delegation: helium.ns.hetzner.de, hydrogen.ns.hetzner.com, oxygen.ns.hetzner.com, Zone: ns1.geturl.eu.
Name Servers defined in Delegation, missing in Zone: helium.ns.hetzner.de, hydrogen.ns.hetzner.com, oxygen.ns.hetzner.com.
Name Servers defined in Zone, missing in Delegation: ns1.geturl.eu.

All issues solved. :see_no_evil: Port 80 was closed. :roll_eyes:

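The thread ends up touching three separate pre-flight checks: whether the parent zone's NS delegation matches the NS set the zone itself serves (the "Inconsistency between delegation and zone" error quoted above), whether the validator can actually reach port 80 (the closed port that turned out to be the real cause), and which address family it will try (Let's Encrypt's validator prefers the AAAA address when one exists, so an IPv6 path that is blocked fails the challenge even if IPv4 works). The script below is an added example written for this thread, not code from Let's Encrypt, certbot or any of the posters. The `dig` output it parses is a constructed sample with placeholder names, not the poster's real zones; the port probe is exercised against a loopback listener so it can be run without network access.

```python
"""Pre-flight checks for the two failure modes discussed in this thread:
a parent/child NS delegation mismatch and a closed port 80.

Added example for this thread; not code from Let's Encrypt, certbot or any
poster. All hostnames and dig output below are constructed placeholders.
"""
import re
import socket

# Constructed sample of what `dig +norecurse NS example.net @<parent-ns>`
# (the registry/parent side) and `dig NS example.net @<child-ns>` (the zone
# itself) might return. Not real output from any real nameserver.
PARENT_DIG_OUTPUT = """\
;; AUTHORITY SECTION:
example.net.            86400   IN      NS      helium.ns.example.
example.net.            86400   IN      NS      hydrogen.ns.example.
example.net.            86400   IN      NS      oxygen.ns.example.
"""

CHILD_DIG_OUTPUT = """\
;; ANSWER SECTION:
example.net.            3600    IN      NS      ns1.example.org.
"""

# One NS resource record per line: owner, TTL, class, type, target.
NS_RR = re.compile(r"^(?P<owner>\S+)\s+\d+\s+IN\s+NS\s+(?P<target>\S+)\s*$", re.M)


def parse_ns_records(dig_output: str) -> set:
    """Extract NS targets from dig output, normalised to lowercase and
    dot-terminated so that 'Foo.Example' and 'foo.example.' compare equal."""
    targets = set()
    for match in NS_RR.finditer(dig_output):
        targets.add(match.group("target").lower().rstrip(".") + ".")
    return targets


def delegation_mismatch(parent_ns: set, zone_ns: set) -> dict:
    """Compute both directions of mismatch, as the checker quoted in the
    thread reports them. Two empty sets mean the delegation is consistent."""
    return {
        "missing_in_zone": parent_ns - zone_ns,          # delegated, not served
        "missing_in_delegation": zone_ns - parent_ns,    # served, not delegated
    }


def port_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """TCP connect test, the minimum an HTTP-01 validator needs on port 80.
    A redirect from :80 to https is fine for HTTP-01; a refused or filtered
    connection is not. Pass an IPv6 literal to test the AAAA path separately."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def loopback_listener():
    """Open a listener on 127.0.0.1 on an ephemeral port, so the probe can be
    demonstrated offline. Returns (socket, port); caller closes the socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    parent = parse_ns_records(PARENT_DIG_OUTPUT)
    child = parse_ns_records(CHILD_DIG_OUTPUT)
    for direction, names in delegation_mismatch(parent, child).items():
        print(f"{direction}: {sorted(names) or 'none'}")

    srv, port = loopback_listener()
    print(f"127.0.0.1:{port} open while listening: {port_open('127.0.0.1', port)}")
    srv.close()
    print(f"127.0.0.1:{port} open after close:     {port_open('127.0.0.1', port)}")
```

To use it against a real domain, feed `parse_ns_records` the output of `dig +norecurse NS <domain> @<one of the parent's nameservers>` and of `dig NS <domain> @<one of your own nameservers>`; the first call shows what the parent delegates, the second what your zone actually serves, and any difference is exactly what the checker in the thread flagged. Probe port 80 on every address the domain publishes, both A and AAAA, because the validator may pick either.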
