Some challenges have failed. - Let's Encrypt

I am getting the following errors for a customer's domain.

lineage = le_client.obtain_and_enroll_certificate(domains, certname)

File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py", line 418, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py", line 351, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py", line 398, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')

AuthorizationError: Some challenges have failed.
Some challenges have failed.
IMPORTANT NOTES:

  • The following errors were reported by the server:
    Domain: www.changed.com
    Type: dns
    Detail: DNS problem: query timed out looking up A for
    www.changed.com

I have checked DNS remotely and from the local server; the records are all correct, and the registrar is pointing to the correct DNS servers.
Just the error "Detail: DNS problem: query timed out looking up A for" is throwing me for a loop.

Anyone have any suggestions?

Thank you,
Anthony

Hi

I have seen this error a few times in the past

Usually it is the LE servers that are in maintenance or have an issue.

There are a few other reasons, as follows:

Recent change to the A record (stale DNS): wait for the TTL to expire and try again.

DNS server not responding to external queries: make sure port 53 is open for TCP and UDP, restart the DNS server, then test using an external online DNS test.

Has a CAA DNS record been created? If so, make sure LE is included in the authorised CA list.

Do not keep trying LE in live mode: you will force the LE servers to fail your server due to repeated attempts, and you will have to wait a minimum of 24 hours or more before the LE servers release your server. Switch to test mode, where you will not be blocked by the LE servers.

Many thanks

John
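The three DNS checks in the reply above (A record resolving, port 53 answering over both UDP and TCP, CAA permitting Let's Encrypt) can be run directly against the authoritative server rather than through a resolver cache, which is what a timed-out lookup from the CA's side calls for. The following is an added example, not code from the thread or from certbot: it builds and parses DNS wire-format queries with only the Python standard library, so it works without dnspython. The hostname www.example.com, the address 192.0.2.10 and the three sample response byte strings are constructed test data, not captures from a real server; the `query` function takes the DNS server IP as an argument.

```python
"""Added example (not from the thread): raw DNS A/CAA lookups over UDP and TCP.
Standard library only. The SAMPLE_* responses are constructed test data."""
import random
import socket
import struct
import sys

QTYPE = {"A": 1, "CAA": 257}


def build_query(name, qtype, txid=None):
    """Build a standard recursion-desired query for one name/type."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD only
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)


def _read_name(data, off):
    """Read a possibly-compressed domain name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if end is None:
                end = off + 2
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode())
        off += length
    return ".".join(labels), end if end is not None else off


def parse_response(data):
    """Parse the header, skip the question section, decode A and CAA answers."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):
        _, off = _read_name(data, off)
        off += 4  # qtype + qclass
    answers = []
    for _ in range(an):
        name, off = _read_name(data, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            value = socket.inet_ntoa(rdata)
        elif rtype == 257:  # CAA: flags byte, tag length, tag, value
            taglen = rdata[1]
            value = (rdata[0], rdata[2:2 + taglen].decode(), rdata[2 + taglen:].decode())
        else:
            value = rdata
        answers.append((name, rtype, ttl, value))
    return {"txid": txid, "rcode": flags & 0xF,
            "truncated": bool(flags & 0x0200), "answers": answers}


def caa_allows_letsencrypt(answers):
    """Non-wildcard name: no CAA records means any CA may issue; otherwise an
    'issue' record naming letsencrypt.org must exist (RFC 8659). The caller is
    responsible for climbing to parent names when a name has no CAA records."""
    caa = [v for _, t, _, v in answers if t == 257]
    if not caa:
        return True
    return any(tag == "issue" and val.split(";")[0].strip() == "letsencrypt.org"
               for _flags, tag, val in caa)


def query(server, name, qtype, tcp=False, timeout=5.0):
    """Send one query straight to `server` on port 53, over UDP or TCP."""
    msg = build_query(name, qtype)
    if tcp:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(msg)) + msg)  # TCP frames are length-prefixed
            (n,) = struct.unpack("!H", s.recv(2))
            data = b""
            while len(data) < n:
                chunk = s.recv(n - len(data))
                if not chunk:
                    raise ConnectionError("short TCP response")
                data += chunk
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(msg, (server, 53))
            data, _ = s.recvfrom(4096)
    resp = parse_response(data)
    if resp["txid"] != struct.unpack("!H", msg[:2])[0]:
        raise ValueError("transaction id mismatch")
    return resp


# Constructed sample responses (assumed data: www.example.com -> 192.0.2.10).
SAMPLE_A_RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                     b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
                     b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x0a")
SAMPLE_CAA_ALLOW = (b"\x12\x35\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                    b"\x07example\x03com\x00\x01\x01\x00\x01"
                    b"\xc0\x0c\x01\x01\x00\x01\x00\x00\x0e\x10\x00\x16\x00\x05issueletsencrypt.org")
SAMPLE_CAA_DENY = (b"\x12\x36\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"  # 'issue ";"' bars all CAs
                   b"\x07example\x03com\x00\x01\x01\x00\x01"
                   b"\xc0\x0c\x01\x01\x00\x01\x00\x00\x0e\x10\x00\x08\x00\x05issue;")

if __name__ == "__main__":
    # Usage: python dnscheck.py <authoritative-server-ip> <hostname>
    server, host = sys.argv[1], sys.argv[2]
    for tcp in (False, True):  # a server answering UDP but not TCP still fails checks
        try:
            r = query(server, host, "A", tcp=tcp)
            print("A over", "TCP" if tcp else "UDP", "rcode", r["rcode"], r["answers"])
        except (OSError, ValueError) as e:
            print("A over", "TCP" if tcp else "UDP", "FAILED:", e)
    labels = host.rstrip(".").split(".")
    for i in range(len(labels) - 1):  # climb: www.host.tld, host.tld
        r = query(server, ".".join(labels[i:]), "CAA")
        if r["answers"]:
            break
    print("CAA allows Let's Encrypt:", caa_allows_letsencrypt(r["answers"]))
```

Run it once against each nameserver the registrar lists for the domain; a UDP answer with a TCP failure, an rcode other than 0, or a CAA set without letsencrypt.org each explain a "query timed out" or failed authorization on the CA's side even when a local resolver returns the cached record fine.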

Thank you for the reply. Let me wait a while and try again; it's just an odd error, since it was DNS related.

Thank you,
Anthony

Morning,
So I just tried again, and it worked. Must have been some hiccup somewhere.

Glad it's working; it was quite the odd error.

Thanks,
Anthony