What is the name of the domain?
nerdonthefairway.com
What is the error number?
[*.nerdonthefairway.com] propagation: time limit exceeded: last error: authoritative nameservers: NS ed.ns.cloudflare.com.:53 returned SERVFAIL
What is the error message?
[*.nerdonthefairway.com] propagation: time limit exceeded: last error: authoritative nameservers: NS ed.ns.cloudflare.com.:53 returned SERVFAIL
What is the issue you’re encountering
Cannot get SSL certs because acme cannot get the correct information
What steps have you taken to resolve the issue?
Cleared the cache (browser and Cloudflare). Created new tokens. I don’t know what else to try.
What are the steps to reproduce the issue?
I am trying to run Traefik as a reverse proxy at home and I need SSL certs for it. I think I’ve set up the DNS entries correctly but I still have these errors.
Screenshot of the error
Are you using DNS challenge? Have you configured your Cloudflare API properly?
I think so. The _acme-challenge.domain records are being created, so I assume the API is configured correctly. The error message I’m seeing suggests that propagation: time limit exceeded: last error: authoritative nameservers: NS ed.ns.cloudflare.com.:53 returned SERVFAIL for _acme-challenge.nerdonthefairway.com. Any tips on how to check what may be going wrong?
Not my experience:
```
$ dig _acme-challenge.nerdonthefairway.com. IN TXT
;ANSWER
_acme-challenge.nerdonthefairway.com. 120 IN TXT "HDuRat05w4cvbxPKk0RUp-HZZF-FmGoh6H1tg5-30A0"
_acme-challenge.nerdonthefairway.com. 120 IN TXT "SPSxL3Fn8LFlykBemVVMjL26tw01cED5x1-4g9IIY0U"
_acme-challenge.nerdonthefairway.com. 120 IN TXT "EZ-Zpn9TLJOJ5_AmCPZwNoCsJtsPws0gQLWVYi6WjPU"
_acme-challenge.nerdonthefairway.com. 120 IN TXT "OlczmhFgL5eWSK5gYlljZf42tdUOTlY_J_aI_ZBty_0"
_acme-challenge.nerdonthefairway.com. 120 IN TXT "AcE2Cme567iTTJSYaPTD5q0ydzLN_Z8qKpPmnIDEEi8"
_acme-challenge.nerdonthefairway.com. 120 IN TXT "nfjkZYYlxiaWGwmzEMffPnVn1I6SS_l_c-c8nnRtozY"
```
That’s the issue. Please see the screenshots below; I’ve included the timestamp in the screenshots to make it clearer.
The dig command returns valid records.
So, even though the records are present, I see the servers returning SERVFAIL to the letsencrypt client running within Traefik. The logs indicate that it’s waiting for records to propagate, but the above screenshot shows the records are done propagating.
I cannot put all screen shots in one post, so please look at the next 2 posts to form the timeline.
SERVFAIL error returned for one domain
SERVFAIL errors for the next 2 domains as well
Please see the 2 posts immediately preceding this to get the entire context. Thanks.
This now works. I had to add this to my static config file:
```yaml
dnsChallenge:
  # …
  propagation:
    # …
    disableChecks: true
```
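The error in this thread comes from a query sent straight to an authoritative nameserver (`ed.ns.cloudflare.com.:53`). The script below is an added example, not code from any poster or from Traefik: it asks each authoritative nameserver of a zone directly for the `_acme-challenge` TXT record and reports the status each one returns. The function names, `example.com` and the sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): query each authoritative nameserver
# directly for the _acme-challenge TXT record and report its DNS status.

# Read dig output on stdin; print the header status (NOERROR, SERVFAIL, ...).
rcode_of() {
  sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Read dig output on stdin; count TXT answers whose owner name is $1.
txt_count() {
  awk -v n="$1" 'tolower($1) == tolower(n) && $3 == "IN" && $4 == "TXT" { c++ }
                 END { print c + 0 }'
}

# Map a status ($1) and TXT count ($2) to its meaning for a propagation check.
verdict() {
  if [ -z "$1" ]; then echo no-reply
  elif [ "$1" = NOERROR ] && [ "$2" -gt 0 ]; then echo ready
  elif [ "$1" = NOERROR ] || [ "$1" = NXDOMAIN ]; then echo not-yet-published
  else echo server-error
  fi
}

# Live check (needs network and dig). $1 is the zone, e.g. example.com.
check_zone() {
  name="_acme-challenge.$1."
  for ns in $(dig +short NS "$1"); do
    out=$(dig +norecurse +time=3 +tries=1 +noall +comments +answer \
          "@$ns" "$name" TXT || true)
    rc=$(printf '%s\n' "$out" | rcode_of)
    n=$(printf '%s\n' "$out" | txt_count "$name")
    printf '%-26s %-9s txt=%s %s\n' "$ns" "${rc:-none}" "$n" "$(verdict "$rc" "$n")"
  done
}

# Constructed sample replies (not captured from the thread's zone).
SAMPLE_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
_acme-challenge.example.com. 120 IN TXT "constructed-token-1"
_acme-challenge.example.com. 120 IN TXT "constructed-token-2"'

# Run the live check only when a zone is passed on the command line.
if [ "$#" -gt 0 ]; then check_zone "$1"; fi
```

With `disableChecks: true` the client skips this pre-check before telling the CA the challenge is ready, so a record that really is missing shows up only as a failed validation at the CA.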