Dns challenge fails


I setup the dns server as master dns and the dns server from my hoster als slave DNS.

This works but since I made this I can’t get an verification from Letsencrypt.
I got this message.

Can anyone help me?

 - The following errors were reported by the server:

   Domain: suche.dasnetzundich.de
   Type:   connection
   Detail: Fetching
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.


Just because one provider can resolve your DNS does not mean that Let’s Encrypts servers are using the same data. That is, when I update DNS because I use Google’s Resolvers the changes reflect within minutes, though clients who use their ISP’s nameservers may have to wait up to 24 hours because the records are cached on their end a bit longer.

So while checking a third party to verify your DNS is correctly setup is good for that, if you recently setup your domain and haven’t let at least 24 hours roll by, and further are experiencing the issue you noted, please be patient and try again in a few hours minimum as the issue will likely resolve itself once the servers LE is polling reflect the changes.

Best Regards,
Peter Knowles | TPN Solutions

Professional, Affordable IT Support - https://tpnassist.com


Thanks for your good information. Yesterday I switch to this setup with the Slave zone.

Edit: 24 hours later, the same problem. But all websites are reachable. Http01 and dns Challenge fails.

I learned that lesson the hard way a few years ago. Ionos DNS moves at the speed of smell. It took 36 hours to effect a change once. I’ve never used them since.

Do you use the dns server from the domain provider.?

Isn’t it aaaa ivp 6?

Did. Past tense. Years ago. Hence the phrase: I learned my lesson.

1 Like

Sure but ipv6 resolves correct to my server, but Port 80 redirect to 443.

Is let’s encrypt support ivp6 yet?

I don’t know. But the question is why letsencrypt/certbot try it over ipv6.

Maybe I found an error:

Fatal: Inconsistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone.: oxygen.ns.hetzner.com (2a01:4f8:0:1::add:2992): Delegation: helium.ns.hetzner.de, hydrogen.ns.hetzner.com, oxygen.ns.hetzner.com, Zone: ns1.geturl.eu. Name Servers defined in Delegation, missing in Zone: helium.ns.hetzner.de, hydrogen.ns.hetzner.com, oxygen.ns.hetzner.com.Name Servers defined in Zone, missing in Delegation: ns1.geturl.eu.

All issues solved. :see_no_evil: Port 80 was. Closed :roll_eyes:

1 Like

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.