Lets encrypt certificate renewal failure - previously worked successfully every 2 months for over a year

2 posts / 0 new
Last post
#1 Thu, 02/28/2019 - 17:38
rmccain

Lets encrypt certificate renewal failure - previously worked successfully every 2 months for over a year

Requesting a certificate for pilatessanfrancisco.com, www.pilatessanfrancisco.com, autoconfig.pilatessanfrancisco.com, autodiscover.pilatessanfrancisco.com, pilatessf.com, www.pilatessf.com, pilates-sf.com, www.pilates-sf.com from Let's Encrypt .. .. request failed : Web-based validation failed : Failed to request certificate :

Error received: autoconfig.pilatessanfrancisco.com challenge did not pass: dns :: DNS problem: NXDOMAIN looking up A for autoconfig.pilatessanfrancisco.com

DNS-based validation failed : Failed to request certificate :
Gave up waiting for validation

System is Ubuntu 16.04.4 with Webmin 1.900, Usermin 1.751 and Virtualmin 6.06-2 with all packages up to date.

Fri, 03/01/2019 - 10:14
rmccain

In the past it was sufficient to add the two A records for autodiscover.xxx.com and autoconfig.xxx.com to the BIND configuration on the localhost for renewal.

Now it seems that the Let's Encrypt renewal process wants to interrogate the domain registrar's DNS service as well. Is this a new security measure?

So it was necessary to add CNAME pointers for autodiscover.xxx.com and autoconfig.xxx.com before the certificate would renew. If your DNS registrar does not allow you to manage these details you might consider switching to one that does.

Topic locked