Let's Encrypt ACME Error (DNS problem – NXDOMAIN lookup)

Recently, my site went down spontaneously. I believe the SSL certificate expired, and when Caddy tried to renew, the renewal failed.

When I manually started up caddy (by running caddy with no arguments in the directory with the Caddyfile), I got the following output:

Activating privacy features...2017/11/11 21:58:43 too many renewal attempts; last error: acme: Error 400 - urn:acme:error:connection - DNS problem: NXDOMAIN looking up A for www.arjun-menon.com
Error Detail:
	Validation for www.arjun-menon.com:80
	Resolved to:

	Used:

After that, I went to my registrar (Namecheap)'s website, to revisit the configuration of my domain. I noticed that DNSSEC was turned on, so I turned it off. After waiting for a few minutes, I ran caddy, but got the same error shown above.

After re-running Caddy a few times, I hit an ACME rate limit for errors, and get this now:

Activating privacy features...2017/11/11 22:12:07 too many renewal attempts; last error: acme: Error 429 - urn:acme:error:rateLimited - Error creating new authz :: Too many failed authorizations recently.

My caddy -version is Caddy 0.10.10 (non-commercial use only).

So I can’t debug this anymore, and try to figure out what’s wrong. So I thought I’d give you guys a shout. Anyone experienced anything like this?

Not sure, but you can use the -ca https://acme-staging.api.letsencrypt.org/directory flag to hammer Let’s Encrypt’s staging endpoint instead of their live one. The staging site doesn’t have rate limits, so you might be able to keep testing to find out what the issue is.

1 Like

I got this resolved. The problem was that I had removed the A record for www for my domain at some point, but I hadn’t updated my Caddyfile to remove www version of the domain from it.

@Whitestrake, thanks for your comment. I’ll definitely make a note of that, and use the staging endpoint in the future, if I’m toying with my DNS records, or setting up Caddy on a different website.

2 Likes
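
The cause found in this thread was a Caddyfile that still listed a hostname with no A record, and each retry counted as a failed authorization until the rate limit hit. As an added example (not code from the thread or from Caddy), this preflight check resolves every site address in a Caddyfile before Caddy is started against the live CA. The simplified Caddyfile parsing, the function names and the sample hostnames are assumptions.

```python
import socket

def site_hosts(caddyfile_text):
    """Hostnames from the site-address lines of a Caddyfile.

    Assumption: every site uses a `{ ... }` block, so any line at brace
    depth 0 is a list of addresses separated by spaces or commas.
    """
    hosts, depth = [], 0
    for raw in caddyfile_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if depth == 0:
            for token in line.replace(",", " ").split():
                # Drop scheme, path and port: https://a.example:443/x -> a.example
                host = token.rstrip("{").split("://", 1)[-1]
                host = host.split("/", 1)[0].split(":", 1)[0]
                if host and host not in hosts:
                    hosts.append(host)
        depth += line.count("{") - line.count("}")
    return hosts

def unresolvable(hosts, resolve=socket.getaddrinfo):
    """Return {host: error} for names the local resolver cannot resolve.

    The CA does its own lookups, so passing here is necessary but not
    sufficient; a name that fails here should be fixed or removed from
    the Caddyfile before the CA is contacted.
    """
    failures = {}
    for host in hosts:
        try:
            resolve(host, 80)  # HTTP validation connects to port 80
        except socket.gaierror as exc:
            failures[host] = str(exc)
    return failures

# Constructed sample; example.com stands in for the real site names.
SAMPLE_CADDYFILE = """\
example.com, www.example.com {
    root /var/www/site
}
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CADDYFILE
    bad = unresolvable(site_hosts(text))
    for host, reason in bad.items():
        print(f"do not start Caddy yet, {host}: {reason}")
    sys.exit(1 if bad else 0)
```

Run it with the path to the Caddyfile as the only argument; a non-zero exit means at least one listed name does not resolve.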
