Some challenges have failed. - Lets Encrypt

I am getting the following errors for a customers domain.

lineage = le_client.obtain_and_enroll_certificate(domains, certname)

File “/opt/”, line 418, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/opt/”, line 351, in obtain_certificate
orderr = self._get_order_and_authorizations(, self.config.allow_subset_of_names)
File “/opt/”, line 398, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/opt/”, line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/opt/”, line 180, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)

AuthorizationError: Some challenges have failed.
Some challenges have failed.

  • The following errors were reported by the server:
    Type: dns
    Detail: DNS problem: query timed out looking up A for

I have checked DNS remotely, and from the local server, the records are all correct, and the registrar is pointing to the correct DNS servers.
Just the error “Detail: DNS problem: query timed out looking up A for” is throwing me for the loop.

Anyone have any suggestions?

Thank you,


I have seen this error a few times in the past

Usually it is LE servers which are in maintenance or have an issue

There are a few other reasons as follows

Recent change to A record - stale dns - wait for TTL to expire and try again

DNS server not responding to external queries - make sure port 53 is open for TCP and UDP - restart dns server then test using external online dns test

Has a CAA dns record been created - if so, make sure LE is included in authorised CA list

Do not keep trying LE in live mode - you will force the LE servers to fail your server due to repeated attempts and you will have to wait for a minimum 24 hours or more before LE servers release your server. Switch to test mode where you will not be blocked by LE servers

Many thanks


Thank you for the reply, let. me wait awhile and try again, just an odd error since it was DNS related.

Thank you,

So I just tried again, and it worked. Must have been some hiccup somewhere.

Glad its working was quite the odd error.