SSL not provisioning. DNS operation timed out

Hello, I have had my server going for a while and it seems in the last update things broke with SSL. I don't use the built-in DNS server as I have a set of bind9 servers that were already being used without issues, but my cert is about to expire and it won't let me manually run it because of this error:

hostname.com: DNS isn't configured properly for this domain: DNS resolution failed (A: All nameservers failed to answer the query mx.myhosted.site. IN A: Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered SERVFAIL).

I am getting this when I run /root/mailinabox/management/ssl_certificates.py -v. Is there any way to force it to use the challenge file for HTTP instead, like it used to?

Edit:

I was able to get it to do acme challenge but now I am getting this error:

```
Reading account key from /home/user-data/ssl/lets_encrypt/account.pem.
Validating existing account saved to /home/user-data/ssl/lets_encrypt/registration.json.
Reusing existing challenges for hostname.com.
ERROR:acme.challenges:Unable to reach http://hostname.com/.well-known/acme-challenge/123456_abcd: HTTPSConnectionPool(host='hostname.com', port=443): Max retries exceeded with url: /.well-known/acme-challenge/123456_abcd (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",),))
Validation file is not present — a file must be installed on the web server.
Reading account key from /home/user-data/ssl/lets_encrypt/account.pem.
Validating existing account saved to /home/user-data/ssl/lets_encrypt/registration.json.
Reusing existing challenges for hostname.com.
ERROR:acme.challenges:Unable to reach http://hostname.com/.well-known/acme-challenge/123456_abcd: HTTPSConnectionPool(host='hostname.com', port=443): Max retries exceeded with url: /.well-known/acme-challenge/123456_abcd (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",),))
Validation file is not present — a file must be installed on the web server.
hostname.com:
Something unexpected went wrong: [NeedToInstallFile('http://hostname.com/.well-known/acme-challenge/123456_abcd', '123456_abcd.3lVMHnu87r2jqjihUOKZ2khoSn9Z6D2vBUSG0g3DXpE', '123456_abcd')]
```

I can see the challenge file in /home/user-data/ssl/lets_encrypt/acme_challenges/ so not sure why it can't find it now.
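An added example, not part of the original thread and not Mail-in-a-Box's own code: a small triage over log lines shaped like the two errors in the post above, reporting which resolver the failed lookups went to and whether the HTTP challenge fetch ended on an HTTPS connection. The sample lines, `example.test`, `TOKEN` and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample lines, shaped like the two errors quoted in the post above
# (example.test and TOKEN are placeholders).
DNS_ERROR = (
    "DNS resolution failed (A: All nameservers failed to answer the query "
    "mx.example.test. IN A: Server 127.0.0.1 UDP port 53 answered The DNS "
    "operation timed out.; Server 127.0.0.1 UDP port 53 answered SERVFAIL)."
)
ACME_ERROR = (
    "ERROR:acme.challenges:Unable to reach "
    "http://example.test/.well-known/acme-challenge/TOKEN: "
    "HTTPSConnectionPool(host='example.test', port=443): Max retries exceeded "
    "with url: /.well-known/acme-challenge/TOKEN (Caused by SSLError(SSLError("
    "\"bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', "
    "'certificate verify failed')],)\",),))"
)

ATTEMPT = re.compile(r"Server (\S+) (?:UDP|TCP) port \d+ answered ([^;)]+)")
REACH = re.compile(r"Unable to reach (\S+): (HTTPS?)ConnectionPool\(host=\S+ port=(\d+)\)")

def triage_dns(line):
    """Summarise which resolvers were asked and how each attempt ended."""
    attempts = ATTEMPT.findall(line)
    resolvers = sorted({server for server, _ in attempts})
    return {
        "resolvers": resolvers,
        "timeouts": sum("timed out" in answer for _, answer in attempts),
        "servfail": sum("SERVFAIL" in answer for _, answer in attempts),
        # True when every lookup went to a resolver on the box itself.
        "local_only": bool(resolvers) and all(
            ipaddress.ip_address(r).is_loopback for r in resolvers),
    }

def triage_acme(line):
    """Compare the URL that was requested with the connection that failed."""
    m = REACH.search(line)
    if not m:
        return None
    url, pool, port = m.group(1), m.group(2), int(m.group(3))
    return {
        "requested_scheme": urlsplit(url).scheme,
        "failed_port": port,
        # An http:// fetch failing in an HTTPS pool was redirected to HTTPS first.
        "redirected_to_https": urlsplit(url).scheme == "http" and pool == "HTTPS",
        "cert_verify_failed": "certificate verify failed" in line,
    }
```
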

Do you have nameservers (called hostnames with GoDaddy) set up and pointing to your MIAB?

Looks like (at least from that bit of log you posted) DNS might not have propagated yet. When setting up a domain name for the first time, it can take up to 48 hours to process and propagate (although very rarely).

Have you tried again today?

DNS has been working with the Bind9 servers for over 3 years (this mail in the box server was set up 8 months ago) so it's not propagation. I am not using the DNS server on MIB because I don't like the way it works and am used to bind where I have all the entries set up right. I was able to use another one of my servers to create a new SSL cert with Let's Encrypt so I have a little while to fix this now at least. Just would like to figure out why.
