Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNS challenge fails with SERVFAIL on Lets Encrypt #3809

Closed
toddself opened this issue Oct 23, 2024 · 5 comments
Closed

DNS challenge fails with SERVFAIL on Lets Encrypt #3809

toddself opened this issue Oct 23, 2024 · 5 comments
Labels
stale

Comments

@toddself
Copy link

Describe the issue you are experiencing

Sometime in the last three months Lets Encrypt is no longer able to communicate to DNS properly

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for ha.nw82.xyz
Encountered exception during recovery: KeyError: 'CsF1owC8Kg_jibWaOkb5KZs67PZboroVyii4tbKihig'
An unexpected error occurred:
dns.resolver.NoNameservers: All nameservers failed to answer the query _acme-challenge.ha.nw82.xyz. IN A: Server Do53:127.0.0.11@53 answered SERVFAIL
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

The canonical DNS servers for my network are internal (and my router forces all DNS requests for outbound services to them). However. the acme.sh program is capable of running DNS TLS certificate issues (which it does on all my other services).

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Which add-on are you reporting an issue with?

Let's Encrypt

What is the version of the add-on?

5.2.3

Steps to reproduce the issue

  1. Install le add on
  2. Configure for DNS
  3. Attempt to renew an already issued certificate
    ...

System Health information

System Information

version core-2024.10.3
installation_type Home Assistant OS
dev false
hassio true
docker true
user root
virtualenv false
python_version 3.12.4
os_name Linux
os_version 6.6.54-haos
arch x86_64
timezone America/Los_Angeles
config_dir /config
Home Assistant Community Store
GitHub API ok
GitHub Content ok
GitHub Web ok
HACS Data ok
GitHub API Calls Remaining 5000
Installed Version 2.0.1
Stage running
Available Repositories 1448
Downloaded Repositories 14
AccuWeather
can_reach_server ok
remaining_requests 20
Home Assistant Cloud
logged_in true
subscription_expiration December 31, 2017 at 16:00
relayer_connected false
relayer_region null
remote_enabled true
remote_connected false
alexa_enabled false
google_enabled false
remote_server null
certificate_status null
instance_id 1712b499713e49a583e92815d24a6392
can_reach_cert_server ok
can_reach_cloud_auth ok
can_reach_cloud ok
Home Assistant Supervisor
host_os Home Assistant OS 13.2
update_channel stable
supervisor_version supervisor-2024.10.2
agent_version 1.6.0
docker_version 27.2.0
disk_total 30.8 GB
disk_used 24.9 GB
healthy true
supported true
host_connectivity true
supervisor_connectivity true
ntp_synchronized true
virtualization kvm
board ova
supervisor_api ok
version_api ok
installed_addons Matter Server (6.6.0), Z-Wave JS (0.8.0), ESPHome (2024.10.1), Let's Encrypt (5.2.3), Tailscale (0.23.1), Terminal & SSH (9.15.0), NGINX Home Assistant SSL proxy (3.11.0), Mosquitto broker (6.4.1), Whisper (2.2.0), Piper (1.5.2), openWakeWord (1.10.0), MQTT Explorer (browser-1.0.3)
Dashboards
dashboards 6
resources 10
views 6
mode storage
Recorder
oldest_recorder_run October 17, 2024 at 15:44
current_recorder_run October 18, 2024 at 14:11
estimated_db_size 376.36 MiB
database_engine sqlite
database_version 3.45.3

Anything in the Supervisor logs that might be useful for us?

�[32m2024-10-23 05:25:36.557 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/esphome/home-assistant-addon repository�[0m
�[32m2024-10-23 05:25:37.558 INFO (MainThread) [supervisor.store] Loading add-ons from store: 83 all - 0 new - 0 remove�[0m
�[32m2024-10-23 05:25:37.558 INFO (MainThread) [supervisor.store] Loading add-ons from store: 83 all - 0 new - 0 remove�[0m
�[32m2024-10-23 06:00:00.392 INFO (SyncWorker_0) [supervisor.docker.manager] Cleaning addon_core_letsencrypt application�[0m
�[32m2024-10-23 06:00:00.669 INFO (MainThread) [supervisor.docker.addon] Starting Docker add-on homeassistant/amd64-addon-letsencrypt with version 5.2.3�[0m
�[32m2024-10-23 06:00:00.678 INFO (SyncWorker_2) [supervisor.docker.manager] Stopping addon_core_nginx_proxy application�[0m
�[32m2024-10-23 06:00:03.981 INFO (SyncWorker_2) [supervisor.docker.manager] Cleaning addon_core_nginx_proxy application�[0m
�[32m2024-10-23 06:00:04.292 INFO (MainThread) [supervisor.docker.addon] Starting Docker add-on homeassistant/amd64-addon-nginx_proxy with version 3.11.0�[0m
�[32m2024-10-23 06:00:04.403 INFO (MainThread) [supervisor.api.middleware.security] /core/info access from core_nginx_proxy�[0m
�[32m2024-10-23 06:23:55.368 INFO (MainThread) [supervisor.resolution.check] Starting system checks with state running�[0m
�[32m2024-10-23 06:23:55.368 INFO (MainThread) [supervisor.resolution.checks.base] Run check for free_space/system�[0m
�[32m2024-10-23 06:23:55.368 INFO (MainThread) [supervisor.resolution.checks.base] Run check for disabled_data_disk/system�[0m
�[32m2024-10-23 06:23:55.368 INFO (MainThread) [supervisor.resolution.checks.base] Run check for ipv4_connection_problem/system�[0m
�[32m2024-10-23 06:23:55.368 INFO (MainThread) [supervisor.resolution.checks.base] Run check for docker_config/system�[0m
�[32m2024-10-23 06:23:55.369 INFO (MainThread) [supervisor.resolution.checks.base] Run check for multiple_data_disks/system�[0m
�[32m2024-10-23 06:23:55.369 INFO (MainThread) [supervisor.resolution.checks.base] Run check for security/core�[0m
�[32m2024-10-23 06:23:55.369 INFO (MainThread) [supervisor.resolution.checks.base] Run check for trust/supervisor�[0m
�[32m2024-10-23 06:23:55.372 INFO (MainThread) [supervisor.resolution.checks.base] Run check for pwned/addon�[0m
�[32m2024-10-23 06:23:55.409 INFO (MainThread) [supervisor.resolution.checks.base] Run check for dns_server_ipv6_error/dns_server�[0m
�[32m2024-10-23 06:23:55.409 INFO (MainThread) [supervisor.resolution.checks.base] Run check for dns_server_failed/dns_server�[0m
�[32m2024-10-23 06:23:55.409 INFO (MainThread) [supervisor.resolution.check] System checks complete�[0m
�[32m2024-10-23 06:23:55.409 INFO (MainThread) [supervisor.resolution.evaluate] Starting system evaluation with state running�[0m
�[32m2024-10-23 06:23:55.469 INFO (MainThread) [supervisor.resolution.evaluate] System evaluation complete�[0m
�[32m2024-10-23 06:23:55.469 INFO (MainThread) [supervisor.resolution.fixup] Starting system autofix at state running�[0m
�[32m2024-10-23 06:23:55.469 INFO (MainThread) [supervisor.resolution.fixup] System autofix complete�[0m
�[32m2024-10-23 06:23:55.473 INFO (MainThread) [supervisor.homeassistant.api] Updated Home Assistant API token�[0m
�[32m2024-10-23 07:23:55.481 INFO (MainThread) [supervisor.resolution.check] Starting system checks with state running�[0m
�[32m2024-10-23 07:23:55.481 INFO (MainThread) [supervisor.resolution.checks.base] Run check for free_space/system�[0m
�[32m2024-10-23 07:23:55.481 INFO (MainThread) [supervisor.resolution.checks.base] Run check for disabled_data_disk/system�[0m
�[32m2024-10-23 07:23:55.481 INFO (MainThread) [supervisor.resolution.checks.base] Run check for ipv4_connection_problem/system�[0m
�[32m2024-10-23 07:23:55.481 INFO (MainThread) [supervisor.resolution.checks.base] Run check for docker_config/system�[0m
�[32m2024-10-23 07:23:55.482 INFO (MainThread) [supervisor.resolution.checks.base] Run check for multiple_data_disks/system�[0m
�[32m2024-10-23 07:23:55.482 INFO (MainThread) [supervisor.resolution.checks.base] Run check for security/core�[0m
�[32m2024-10-23 07:23:55.482 INFO (MainThread) [supervisor.resolution.checks.base] Run check for trust/supervisor�[0m
�[32m2024-10-23 07:23:55.484 INFO (MainThread) [supervisor.resolution.checks.base] Run check for pwned/addon�[0m
�[32m2024-10-23 07:23:55.521 INFO (MainThread) [supervisor.resolution.checks.base] Run check for dns_server_ipv6_error/dns_server�[0m
�[32m2024-10-23 07:23:55.521 INFO (MainThread) [supervisor.resolution.checks.base] Run check for dns_server_failed/dns_server�[0m
�[32m2024-10-23 07:23:55.521 INFO (MainThread) [supervisor.resolution.check] System checks complete�[0m
�[32m2024-10-23 07:23:55.521 INFO (MainThread) [supervisor.resolution.evaluate] Starting system evaluation with state running�[0m
�[32m2024-10-23 07:23:55.570 INFO (MainThread) [supervisor.resolution.evaluate] System evaluation complete�[0m
�[32m2024-10-23 07:23:55.570 INFO (MainThread) [supervisor.resolution.fixup] Starting system autofix at state running�[0m
�[32m2024-10-23 07:23:55.570 INFO (MainThread) [supervisor.resolution.fixup] System autofix complete�[0m
�[32m2024-10-23 07:23:55.573 INFO (MainThread) [supervisor.homeassistant.api] Updated Home Assistant API token�[0m
�[32m2024-10-23 07:25:04.972 INFO (MainThread) [supervisor.updater] Fetching update data from https://version.home-assistant.io/stable.json�[0m
�[32m2024-10-23 07:31:58.769 INFO (MainThread) [supervisor.host.info] Updating local host information�[0m
�[32m2024-10-23 07:31:59.052 INFO (MainThread) [supervisor.host.services] Updating service information�[0m
�[32m2024-10-23 07:31:59.055 INFO (MainThread) [supervisor.host.network] Updating local network information�[0m
�[32m2024-10-23 07:31:59.114 INFO (MainThread) [supervisor.host.sound] Updating PulseAudio information�[0m
�[32m2024-10-23 07:31:59.118 INFO (MainThread) [supervisor.host.manager] Host information reload completed�[0m
�[32m2024-10-23 08:23:55.577 INFO (MainThread) [supervisor.resolution.check] Starting system checks with state running�[0m
�[32m2024-10-23 08:23:55.577 INFO (MainThread) [supervisor.resolution.checks.base] Run check for free_space/system�[0m
�[32m2024-10-23 08:23:55.577 INFO (MainThread) [supervisor.resolution.checks.base] Run check for disabled_data_disk/system�[0m
�[32m2024-10-23 08:23:55.577 INFO (MainThread) [supervisor.resolution.checks.base] Run check for ipv4_connection_problem/system�[0m
�[32m2024-10-23 08:23:55.577 INFO (MainThread) [supervisor.resolution.checks.base] Run check for docker_config/system�[0m
�[32m2024-10-23 08:23:55.577 INFO (MainThread) [supervisor.resolution.checks.base] Run check for multiple_data_disks/system�[0m
�[32m2024-10-23 08:23:55.577 INFO (MainThread) [supervisor.resolution.checks.base] Run check for security/core�[0m
�[32m2024-10-23 08:23:55.578 INFO (MainThread) [supervisor.resolution.checks.base] Run check for trust/supervisor�[0m
�[32m2024-10-23 08:23:55.581 INFO (MainThread) [supervisor.resolution.checks.base] Run check for pwned/addon�[0m
�[32m2024-10-23 08:23:55.609 INFO (MainThread) [supervisor.resolution.checks.base] Run check for dns_server_ipv6_error/dns_server�[0m
�[32m2024-10-23 08:23:55.610 INFO (MainThread) [supervisor.resolution.checks.base] Run check for dns_server_failed/dns_server�[0m
�[32m2024-10-23 08:23:55.610 INFO (MainThread) [supervisor.resolution.check] System checks complete�[0m
�[32m2024-10-23 08:23:55.610 INFO (MainThread) [supervisor.resolution.evaluate] Starting system evaluation with state running�[0m
�[32m2024-10-23 08:23:55.660 INFO (MainThread) [supervisor.resolution.evaluate] System evaluation complete�[0m
�[32m2024-10-23 08:23:55.660 INFO (MainThread) [supervisor.resolution.fixup] Starting system autofix at state running�[0m
�[32m2024-10-23 08:23:55.660 INFO (MainThread) [supervisor.resolution.fixup] System autofix complete�[0m
�[32m2024-10-23 08:23:55.663 INFO (MainThread) [supervisor.homeassistant.api] Updated Home Assistant API token�[0m
�[32m2024-10-23 08:25:37.567 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/GollumDom/addon-repository repository�[0m
�[32m2024-10-23 08:25:37.569 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/music-assistant/home-assistant-addon repository�[0m
�[32m2024-10-23 08:25:37.570 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/home-assistant/addons repository�[0m
�[32m2024-10-23 08:25:37.570 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/hassio-addons/repository repository�[0m
�[32m2024-10-23 08:25:37.573 INFO (MainThread) [supervisor.store.git] Update add-on https://github.com/esphome/home-assistant-addon repository�[0m
�[32m2024-10-23 08:25:38.527 INFO (MainThread) [supervisor.store] Loading add-ons from store: 83 all - 0 new - 0 remove�[0m
�[32m2024-10-23 08:25:38.527 INFO (MainThread) [supervisor.store] Loading add-ons from store: 83 all - 0 new - 0 remove�[0m
�[32m2024-10-23 09:07:52.709 INFO (MainThread) [supervisor.api.middleware.security] /network/info access from core_ssh�[0m
�[32m2024-10-23 09:07:52.711 INFO (MainThread) [supervisor.api.middleware.security] /network/info access from core_ssh�[0m
�[32m2024-10-23 09:07:52.712 INFO (MainThread) [supervisor.api.middleware.security] /host/info access from core_ssh�[0m
�[32m2024-10-23 09:07:52.714 INFO (MainThread) [supervisor.api.middleware.security] /core/info access from core_ssh�[0m
�[32m2024-10-23 09:11:12.873 INFO (SyncWorker_1) [supervisor.docker.manager] Cleaning addon_core_letsencrypt application�[0m
�[32m2024-10-23 09:11:13.165 INFO (MainThread) [supervisor.docker.addon] Starting Docker add-on homeassistant/amd64-addon-letsencrypt with version 5.2.3�[0m
�[32m2024-10-23 09:12:28.602 INFO (MainThread) [supervisor.api.middleware.security] /dns/options access from core_ssh�[0m
�[32m2024-10-23 09:12:33.820 INFO (MainThread) [supervisor.api.middleware.security] /dns/info access from core_ssh�[0m
�[32m2024-10-23 09:12:41.430 INFO (MainThread) [supervisor.api.middleware.security] /resolution/info access from core_ssh�[0m
�[32m2024-10-23 09:23:55.668 INFO (MainThread) [supervisor.resolution.check] Starting system checks with state running�[0m
�[32m2024-10-23 09:23:55.668 INFO (MainThread) [supervisor.resolution.checks.base] Run check for free_space/system�[0m
�[32m2024-10-23 09:23:55.668 INFO (MainThread) [supervisor.resolution.checks.base] Run check for disabled_data_disk/system�[0m
�[32m2024-10-23 09:23:55.668 INFO (MainThread) [supervisor.resolution.checks.base] Run check for ipv4_connection_problem/system�[0m
�[32m2024-10-23 09:23:55.668 INFO (MainThread) [supervisor.resolution.checks.base] Run check for docker_config/system�[0m
�[32m2024-10-23 09:23:55.668 INFO (MainThread) [supervisor.resolution.checks.base] Run check for multiple_data_disks/system�[0m
�[32m2024-10-23 09:23:55.668 INFO (MainThread) [supervisor.resolution.checks.base] Run check for security/core�[0m
�[32m2024-10-23 09:23:55.669 INFO (MainThread) [supervisor.resolution.checks.base] Run check for trust/supervisor�[0m
�[32m2024-10-23 09:23:55.671 INFO (MainThread) [supervisor.resolution.checks.base] Run check for pwned/addon�[0m
�[32m2024-10-23 09:23:55.711 INFO (MainThread) [supervisor.resolution.checks.base] Run check for dns_server_ipv6_error/dns_server�[0m
�[32m2024-10-23 09:23:55.711 INFO (MainThread) [supervisor.resolution.checks.base] Run check for dns_server_failed/dns_server�[0m
�[32m2024-10-23 09:23:55.711 INFO (MainThread) [supervisor.resolution.check] System checks complete�[0m
�[32m2024-10-23 09:23:55.711 INFO (MainThread) [supervisor.resolution.evaluate] Starting system evaluation with state running�[0m
�[32m2024-10-23 09:23:55.765 INFO (MainThread) [supervisor.resolution.evaluate] System evaluation complete�[0m
�[32m2024-10-23 09:23:55.765 INFO (MainThread) [supervisor.resolution.fixup] Starting system autofix at state running�[0m
�[32m2024-10-23 09:23:55.765 INFO (MainThread) [supervisor.resolution.fixup] System autofix complete�[0m
�[32m2024-10-23 09:23:55.768 INFO (MainThread) [supervisor.homeassistant.api] Updated Home Assistant API token�[0m
�[32m2024-10-23 09:25:05.075 INFO (MainThread) [supervisor.updater] Fetching update data from https://version.home-assistant.io/stable.json�[0m

Anything in the add-on logs that might be useful for us?

dns.resolver.NoNameservers: All nameservers failed to answer the query _acme-challenge.ha.nw82.xyz. IN A: Server Do53:127.0.0.11@53 answered SERVFAIL
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[06:00:01] INFO: Selected DNS Provider: dns-porkbun
[06:00:01] INFO: Use propagation seconds: 60
[06:00:01] INFO: Detecting existing certificate type for ha.nw82.xyz
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[06:00:02] INFO: Existing certificate using 'ecdsa' key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for ha.nw82.xyz
Encountered exception during recovery: KeyError: 'CsF1owC8Kg_jibWaOkb5KZs67PZboroVyii4tbKihig'
An unexpected error occurred:
dns.resolver.NoNameservers: All nameservers failed to answer the query _acme-challenge.ha.nw82.xyz. IN A: Server Do53:127.0.0.11@53 answered SERVFAIL
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[06:00:01] INFO: Selected DNS Provider: dns-porkbun
[06:00:01] INFO: Use propagation seconds: 60
[06:00:01] INFO: Detecting existing certificate type for ha.nw82.xyz
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[06:00:02] INFO: Existing certificate using 'ecdsa' key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for ha.nw82.xyz
Encountered exception during recovery: KeyError: 'CsF1owC8Kg_jibWaOkb5KZs67PZboroVyii4tbKihig'
An unexpected error occurred:
dns.resolver.NoNameservers: All nameservers failed to answer the query _acme-challenge.ha.nw82.xyz. IN A: Server Do53:127.0.0.11@53 answered SERVFAIL
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/file-structure.sh
cont-init: info: /etc/cont-init.d/file-structure.sh exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun lets-encrypt (no readiness notification)
s6-rc: info: service legacy-services successfully started
[09:11:13] INFO: Selected DNS Provider: dns-porkbun
[09:11:13] INFO: Use propagation seconds: 60
[09:11:13] INFO: Detecting existing certificate type for ha.nw82.xyz
Saving debug log to /var/log/letsencrypt/letsencrypt.log
[09:11:14] INFO: Existing certificate using 'ecdsa' key type.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for ha.nw82.xyz
Encountered exception during recovery: KeyError: 'CsF1owC8Kg_jibWaOkb5KZs67PZboroVyii4tbKihig'
An unexpected error occurred:
dns.resolver.NoNameservers: All nameservers failed to answer the query _acme-challenge.ha.nw82.xyz. IN A: Server Do53:127.0.0.11@53 answered SERVFAIL
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Additional information

This obviously worked at some point in the past as I have had a valid DNS challenge issued TLS certificate for over a year. No changes have been made to my local networking in that time (and acme.sh was able to renew other certs this AM using DNS)
@kaigiessen
Copy link

I have the exact same issue and can’t figure it out.

@lkuznicki
Copy link

Same for me.

@toddself
Copy link
Author

toddself commented Nov 7, 2024

I switched to use https://github.com/Djelibeybi/homeassistant-acme.sh-addon and this one works one, so I deleted the lets encrypt one as my cert expired yesterday.

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 7, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Dec 7, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Dec 14, 2024
@woodsb02
Copy link

woodsb02 commented Feb 2, 2025
edited
Loading

I believe this is because Porkbun recently changed the URL for their API:
Old Value: porkbun.com
New Value: api.porkbun.com
Deadline: 2024-12-01 00:00:00 UTC

If so, this can be fixed by updating the addon to use the new version 0.9.1 of certbot-dns-porkbun
https://github.com/infinityofspace/certbot_dns_porkbun/releases

This pull request will fix the porkbun api issue:
#3902

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@toddself @woodsb02 @kaigiessen @lkuznicki