could not determine the zone

Question

could not determine the zone

masx200 opened this issue 2 years ago · 4 comments

2022/07/06 02:09:58.974 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "test.masx200.top", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[test.masx200.top] solving challenges: waiting for solver certmagic.solverWrapper to be ready: checking DNS propagation of _acme-challenge.test.masx200.top: could not determine the zone: unexpected response code 'SERVFAIL' for 7ux4q93992xmjqv8388a.dcv2.httpsauto.com. (order=https://acme-v02.api.letsencrypt.org/acme/order/619340006/104179459486) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2022/07/06 02:09:58.975 ERROR   tls.obtain      will retry      {"error": "[test.masx200.top] Obtain: [test.masx200.top] solving challenges: waiting for solver certmagic.solverWrapper to be ready: checking DNS propagation of _acme-challenge.test.masx200.top: could not determine the zone: unexpected response code 'SERVFAIL' for 7ux4q93992xmjqv8388a.dcv2.httpsauto.com. (order=https://acme-v02.api.letsencrypt.org/acme/order/619340006/104179459486) (ca=https://acme-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 29.786988, "max_duration": 2592000}

Answer 1 · 2022-07-06T02:18:20.000Z

I originally had a cname record from _acme-challenge.masx200.top pointing to 7ux4q93992xmjqv8388a.dcv2.httpsauto.com, when I delete it it's ok?

Answer 2 · 2022-07-07T20:38:28.000Z

That could have something to do with it; I'm not sure. SERVFAIL means the DNS server failed, I think.

(Closing, as doesn't appear to be a problem with this module.)

Answer 3 · 2022-07-08T00:27:05.000Z

https://github.com/caddyserver/certmagic/blob/d08f6e10d8a06759d0e302f7ac154821cf9f2e19/dnsutil.go#L280

Answer 4 · 2022-07-08T00:28:00.000Z

This may be related to cname records.