amazon-ec2 - certbot SERVFAIL 正在查找一个 fordomain

Question

我使用 certbot 为域生成证书，第一次效果很好。之后，我将我的 amazon ec2 实例（amazon linux）更改为另一个区域。所以我更改了子域的 A 记录，现在由于 DNS 问题我无法在新实例上生成证书

certbot-auto certonly --debug --standalone -d dev.******.com

2016-07-19 17:03:29,603:DEBUG:certbot.main:Root logging level set at 30
2016-07-19 17:03:29,604:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-07-19 17:03:29,604:DEBUG:certbot.main:certbot version: 0.8.1
2016-07-19 17:03:29,604:DEBUG:certbot.main:Arguments: ['--debug', '--standalone', '-d', 'dev.********.com']
2016-07-19 17:03:29,605:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-07-19 17:03:29,609:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
2016-07-19 17:03:29,804:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Automatically use a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7f0133b10d10>
Prep: True
2016-07-19 17:03:29,806:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7f0133b10d10> and installer None
2016-07-19 17:03:29,942:DEBUG:certbot.main:Picked account: <Account(388bf562a96cea8013b7660447da660e)>
2016-07-19 17:03:29,943:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-07-19 17:03:29,946:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-07-19 17:03:30,132:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 280
2016-07-19 17:03:30,133:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '280', 'Expires': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Boulder-Request-Id': 'A4t6LE9szTZDv0FuCE7bQnICx2zyVtRVeQacSWenKUE', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'VLinxcmE9YznBxpdisr5YqFQqf9KFT3grGMLfwvD3Jg'}. Content: '{\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2016-07-19 17:03:30,133:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '280', 'Expires': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Boulder-Request-Id': 'A4t6LE9szTZDv0FuCE7bQnICx2zyVtRVeQacSWenKUE', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'VLinxcmE9YznBxpdisr5YqFQqf9KFT3grGMLfwvD3Jg'}): '{\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2016-07-19 17:03:30,134:DEBUG:root:Requesting fresh nonce
2016-07-19 17:03:30,134:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2016-07-19 17:03:30,327:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2016-07-19 17:03:30,328:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '91', 'Pragma': 'no-cache', 'Boulder-Request-Id': 'zZzFamjI7WOmh85keAw4lLd8laZfe74W1TYq3HNR7mk', 'Expires': 'Tue, 19 Jul 2016         17:03:30 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'CgmdRQWWj5_PPfveAA7c1o50xkOk3entsaA27xlBwmA'}. Content: ''
2016-07-19 17:03:30,328:DEBUG:acme.client:Storing nonce: '\n\t\x9dE\x05\x96\x8f\x9f\xcf=\xfb\xde\x00\x0e\xdc\xd6\x8et\xc6C\xa4\xdd\xe9\xed\xb1\xa06\xef\x19A\xc2`'
2016-07-19 17:03:30,328:DEBUG:acme.jose.json_util:Omitted empty fields: combinations=None, challenges=None, expires=None, status=None
2016-07-19 17:03:30,329:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "xxxxxxxxxxxxx.com"}, "resource": "new-authz"}
2016-07-19 17:03:30,330:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), jwk=None, typ=None, jku=None, cty=None, x5tS256=None, x5u=None, alg=None, x5t=None
2016-07-19 17:03:30,332:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonce=None
2016-07-19 17:03:30,332:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "rKDIxM9XKqEZ69kyTl7L6l1OZuEaJRJdSje2z4VC8pJt0sxRJXu32BVy5zC7uKLDmj-pUxcR2N5zAZTD4hJC-CwavEp9IT4zsQacQK1E9aGQOewmAF54_qUJQrZal167BOmMIENKcQ-sbVz1OLAhz85oByCAXwW6T8v5qoXCPYIX7pmgp4IuI4WNBcWeBqFv3Joj78oSReZXCuJId8RqsP5DeYRNpetvqUHijj3JGiQnclnUW2iTRUuiilAkqswDqk4J4uAraLylprTt2iQYA4wLZDaC2Con_u3c62aLpYpK5J2D5ZVoGJANjAzzNfkQAhsun3h3LsXLgfZ0Z2n2aw"}}, "protected": "eyJub25jZSI6ICJDZ21kUlFXV2o1X1BQZnZlQUE3YzFvNTB4a09rM2VudHNhQTI3eGxCd21BIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJkZXYuZGlhZ25ldHdvcmsuY29tIn0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ", "signature": "lQjyTE1QljLHo1CxV6T94yrPb76ruaGDNd5ZthPI-9-rUDULu8VnCVHqO0v2ZYlfKlZUza80U6-ZFRmw4lGFaB1gK0w_jV7ONIg0dzjkTu8NEdKZ6PcMUuRdZuCbwsln9coIjy_7f5tQ7ukzSbQJXEbz6MTQ-5UALr5ft_JkSLTifwJFGtejzveY3KrpeP4WaI-hGzwLLOxjnFh_tn3Z2NdOqrTWJzGn_rqvlwX0OlG-GvcV6k9a9eK9aSK4T13Vs0N5ZYqX1IbVNHcqbgvoJ50LVUYlWWTDsihrZ4ttQl_onpmy5jRDKuQSeS8B3hVRKhgdmOh4fI9OYLjpd13Ddg"}'}
2016-07-19 17:03:30,629:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1004
2016-07-19 17:03:30,629:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '1004', 'Expires': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Boulder-Request-Id': 'PknRp_fwf5o0vaHUpy_53-SwSKCN0Qwk0kBnm15EexI', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0', 'Pragma': 'no-cache', 'Boulder-Requester': '2692481', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'B_6L7ZtDh3CzsQtRO_e8vceSEcbZGihWBGntNZ6h_G0'}. Content: '{\n  "identifier": {\n    "type": "dns",\n    "value": "xxxxxxxxxxxxxxx.com"\n  },\n  "status": "pending",\n  "expires": "2016-07-26T17:03:30.455575285Z",\n  "challenges": [\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466859",\n      "token": "6Z6vCV4zSvxn5U6WxpUcf2imTMT5kLj7rbRN5fmF9GI"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860",\n      "token": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI"\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466861",\n      "token": "G581_pOSgF203q69BWk8tmHt1YH8lMLAidtBBQ90vnQ"\n    }\n  ],\n  "combinations": [\n    [\n      0\n    ],\n    [\n      2\n    ],\n    [\n      1\n    ]\n  ]\n}'
2016-07-19 17:03:30,629:DEBUG:acme.client:Storing nonce: '\x07\xfe\x8b\xed\x9bC\x87p\xb3\xb1\x0bQ;\xf7\xbc\xbd\xc7\x92\x11\xc6\xd9\x1a(V\x04i\xed5\x9e\xa1\xfcm'
2016-07-19 17:03:30,630:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '1004', 'Expires': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Boulder-Request-Id': 'PknRp_fwf5o0vaHUpy_53-SwSKCN0Qwk0kBnm15EexI', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0', 'Pragma': 'no-cache', 'Boulder-Requester': '2692481', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'B_6L7ZtDh3CzsQtRO_e8vceSEcbZGihWBGntNZ6h_G0'}): '{\n  "identifier": {\n    "type": "dns",\n    "value": "xxxxxxxxxxxxxxxxxxxx.com"\n  },\n  "status": "pending",\n  "expires": "2016-07-26T17:03:30.455575285Z",\n  "challenges": [\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466859",\n      "token": "6Z6vCV4zSvxn5U6WxpUcf2imTMT5kLj7rbRN5fmF9GI"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860",\n      "token": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI"\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466861",\n      "token": "G581_pOSgF203q69BWk8tmHt1YH8lMLAidtBBQ90vnQ"\n    }\n  ],\n  "combinations": [\n    [\n      0\n    ],\n    [\n      2\n    ],\n    [\n      1\n    ]\n  ]\n}'
2016-07-19 17:03:30,630:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'6Z6vCV4zSvxn5U6WxpUcf2imTMT5kLj7rbRN5fmF9GI', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466859'}
2016-07-19 17:03:30,630:INFO:certbot.auth_handler:Performing the following challenges:
2016-07-19 17:03:30,631:INFO:certbot.auth_handler:tls-sni-01 challenge for xxxxxxxxxxxxxxxxxxxx.com
2016-07-19 17:03:30,643:INFO:certbot.auth_handler:Waiting for verification...
2016-07-19 17:03:30,643:DEBUG:acme.client:Serialized JSON: {"keyAuthorization": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI.B7zuU4v6Umg0TGs8jOHl_ihptyLw9pPsE1dRzUZoOu0", "type": "tls-sni-01", "resource": "challenge"}

2016-07-19 17:03:30,644:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), jwk=None, typ=None, jku=None, cty=None, x5tS256=None, x5u=None, alg=None, x5t=None
2016-07-19 17:03:30,646:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonce=None
2016-07-19 17:03:30,646:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "rKDIxM9XKqEZ69kyTl7L6l1OZuEaJRJdSje2z4VC8pJt0sxRJXu32BVy5zC7uKLDmj-pUxcR2N5zAZTD4hJC-CwavEp9IT4zsQacQK1E9aGQOewmAF54_qUJQrZal167BOmMIENKcQ-sbVz1OLAhz85oByCAXwW6T8v5qoXCPYIX7pmgp4IuI4WNBcWeBqFv3Joj78oSReZXCuJId8RqsP5DeYRNpetvqUHijj3JGiQnclnUW2iTRUuiilAkqswDqk4J4uAraLylprTt2iQYA4wLZDaC2Con_u3c62aLpYpK5J2D5ZVoGJANjAzzNfkQAhsun3h3LsXLgfZ0Z2n2aw"}}, "protected": "eyJub25jZSI6ICJCXzZMN1p0RGgzQ3pzUXRST19lOHZjZVNFY2JaR2loV0JHbnROWjZoX0cwIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogImJaanllcTM0LWZfVDRiVWN5MURWaFBibnZfQ2FuU3UxYzVQVWV6cmhqcUkuQjd6dVU0djZVbWcwVEdzOGpPSGxfaWhwdHlMdzlwUHNFMWRSelVab091MCIsICJ0eXBlIjogInRscy1zbmktMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0", "signature": "kZkv-CFLZH31z3kZ1naF7g41XcslUbVBPH42wptZzlov3_rWom-N8appf_eaLQ2P7lMVE89-gyM7fHmoWHl0Gpmkk4Xgmer9L4QdQyVixn60mm-1q6QMsWXT35e7Z7zokfUsOYkXQiEImIwZ0sxBc59dzxGIX7LhDFePZfyeZvH4_P0nUgpCgRqqXTni-O32stAM0i00GxLdg0kikc3UVD09iCU6sUpKpXc3kQHNLlkIkfiNN6zAngBnWDAgSMhquYKas2kk0hxnJw1UguyY9Ieu8Kd6vExi3U-yjGVOL2hVP3LkU46GS8eqvphC1mlndILGM-3VD1UYtwNAIsQt_A"}'}
2016-07-19 17:03:30,902:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860 HTTP/1.1" 202 338
2016-07-19 17:03:30,902:DEBUG:root:Received <Response [202]>. Headers: {'Content-Length': '338', 'Boulder-Request-Id': 'qq5g3DMMDllSKoWuHRIRSY5oy9RNvpHZ9uF_zzYEeuk', 'Expires': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/authz/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0>;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860', 'Pragma': 'no-cache', 'Boulder-Requester': '2692481', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'VHPW9aR8jmuShp8pFrFuxFiQapbdip6SYQNzBaC-b7Y'}. Content: '{\n  "type": "tls-sni-01",\n  "status": "pending",\n  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860",\n  "token": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI",\n  "keyAuthorization": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI.B7zuU4v6Umg0TGs8jOHl_ihptyLw9pPsE1dRzUZoOu0"\n}'
2016-07-19 17:03:30,903:DEBUG:acme.client:Storing nonce: 'Ts\xd6\xf5\xa4|\x8ek\x92\x86\x9f)\x16\xb1n\xc4X\x90j\x96\xdd\x8a\x9e\x92a\x03s\x05\xa0\xbeo\xb6'
2016-07-19 17:03:30,903:DEBUG:acme.client:Received response <Response [202]> (headers: {'Content-Length': '338', 'Boulder-Request-Id': 'qq5g3DMMDllSKoWuHRIRSY5oy9RNvpHZ9uF_zzYEeuk', 'Expires': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/authz/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0>;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860', 'Pragma': 'no-cache', 'Boulder-Requester': '2692481', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'VHPW9aR8jmuShp8pFrFuxFiQapbdip6SYQNzBaC-b7Y'}): '{\n  "type": "tls-sni-01",\n  "status": "pending",\n  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860",\n  "token": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI",\n  "keyAuthorization": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI.B7zuU4v6Umg0TGs8jOHl_ihptyLw9pPsE1dRzUZoOu0"\n}'
2016-07-19 17:03:33,906:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0. args: (), kwargs: {}
2016-07-19 17:03:34,184:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0 HTTP/1.1" 200 1473
2016-07-19 17:03:34,185:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '1473', 'Expires': 'Tue, 19 Jul 2016 17:03:34 GMT', 'Boulder-Request-Id': 'kbximz8gXN1-tbWUpkkxA5s9PyXQMnZ3DM2mztNnv00', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 19 Jul 2016 17:03:34 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': '9rCskcPn_HaHylVaCH-VViSBt78YdDh-I10sX5UlXak'}. Content: '{\n  "identifier": {\n    "type": "dns",\n    "value": "xxxxxxxxxxxxxxxxxxxx.com"\n  },\n  "status": "invalid",\n  "expires": "2016-07-26T17:03:30Z",\n  "challenges": [\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466859",\n      "token": "6Z6vCV4zSvxn5U6WxpUcf2imTMT5kLj7rbRN5fmF9GI"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "invalid",\n      "error": {\n        "type": "urn:acme:error:connection",\n        "detail": "DNS problem: SERVFAIL looking up A for xxxxxxxxxxxxxxxxxxxx.com",\n        "status": 400\n      },\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860",\n      "token": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI",\n      "keyAuthorization": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI.B7zuU4v6Umg0TGs8jOHl_ihptyLw9pPsE1dRzUZoOu0",\n      "validationRecord": [\n        {\n          "hostname": "xxxxxxxxxxxxxxxxxxxx.com",\n          "port": "",\n          "addressesResolved": null,\n          "addressUsed": ""\n        }\n      ]\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466861",\n      "token": "G581_pOSgF203q69BWk8tmHt1YH8lMLAidtBBQ90vnQ"\n    }\n  ],\n  "combinations": [\n    [\n      0\n    ],\n    [\n      2\n    ],\n    [\n      1\n    ]\n  ]\n}'
2016-07-19 17:03:34,185:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '1473', 'Expires': 'Tue, 19 Jul 2016 17:03:34 GMT', 'Boulder-Request-Id': 'kbximz8gXN1-tbWUpkkxA5s9PyXQMnZ3DM2mztNnv00', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 19 Jul 2016 17:03:34 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': '9rCskcPn_HaHylVaCH-VViSBt78YdDh-I10sX5UlXak'}): '{\n  "identifier": {\n    "type": "dns",\n    "value": "xxxxxxxxxxxxxxxxxxxx.com"\n  },\n  "status": "invalid",\n  "expires": "2016-07-26T17:03:30Z",\n  "challenges": [\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466859",\n      "token": "6Z6vCV4zSvxn5U6WxpUcf2imTMT5kLj7rbRN5fmF9GI"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "invalid",\n      "error": {\n        "type": "urn:acme:error:connection",\n        "detail": "DNS problem: SERVFAIL looking up A for xxxxxxxxxxxxxxxxxxxx.com",\n        "status": 400\n      },\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860",\n      "token": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI",\n      "keyAuthorization": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI.B7zuU4v6Umg0TGs8jOHl_ihptyLw9pPsE1dRzUZoOu0",\n      "validationRecord": [\n        {\n          "hostname": "xxxxxxxxxxxxxxxxxxxx.com",\n          "port": "",\n          "addressesResolved": null,\n          "addressUsed": ""\n        }\n      ]\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466861",\n      "token": "G581_pOSgF203q69BWk8tmHt1YH8lMLAidtBBQ90vnQ"\n    }\n  ],\n  "combinations": [\n    [\n      0\n    ],\n    [\n      2\n    ],\n    [\n      1\n    ]\n  ]\n}'
2016-07-19 17:03:34,186:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'6Z6vCV4zSvxn5U6WxpUcf2imTMT5kLj7rbRN5fmF9GI', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466859'}
2016-07-19 17:03:34,186:INFO:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: xxxxxxxxxxxxxxxxxxxx.com
Type:   connection
Detail: DNS problem: SERVFAIL looking up A for xxxxxxxxxxxxxxxxxxxx.com

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2016-07-19 17:03:34,186:INFO:certbot.auth_handler:Cleaning up challenges
2016-07-19 17:03:34,187:DEBUG:certbot.plugins.standalone:Stopping server at 0.0.0.0:443...
2016-07-19 17:03:34,646:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/main.py", line 744, in main
    return config.func(config, plugins)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/main.py", line 555, in obtain_cert
_, action = _auth_from_domains(le_client, config, domains, lineage)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/main.py", line 94, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/client.py", line 276, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/client.py", line 247, in obtain_certificate
self.config.allow_subset_of_names)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/auth_handler.py", line 74, in get_authorizations
self._respond(resp, best_effort)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/auth_handler.py", line 131, in _respond
self._poll_challenges(chall_update, best_effort)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/auth_handler.py", line 195, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. xxxxxxxxxxxxxxxxxxxx.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for xxxxxxxxxxxxxxxxxxxx.com

如果你有一个想法......我完全迷路了

Answer 1

问题是由于 DNSSEC。DNSSEC 已在域上激活，因为我的第一个注册商可以支持此选项。当我更改 Amazon Route 53 的注册商时，DNSSEC 仍处于激活状态，但 Amazon Route 53 不支持此选项。亚马逊没有删除该选项或发出明确的警告，而是将此信息放在丢失页面的工具提示中……“DNSSEC 已激活，但 Route 53 尚不支持”UI 并不是他们的最佳技能。

还是要谢谢你的帮助 ！

Answer 2

有两件事会导致此类错误： - 您的域 DNS 记录太新，尚未在所有 DNS 服务器上列出。如果问题是这个，如果你给它一些时间，比如2天，它会自行解决。- DS 记录会阻止您的域被验证。这是我的情况，我的 .eu 域之一无法通过 Let's Encrypt certbot。我不知道此域的 DNS 记录中有一条 DS 记录。一旦我删除它，我的域就会使用 certbot 获得经过验证的广告安装 SSL 证书。要检查此问题，请登录您的域面板。转到 DNS 区域文件。寻找 DS 记录。如果那里有任何记录，请删除并保存您的区域文件。如果这对您来说有困难，请尝试在 cloudflare.com 上注册您的域。如果您的域有 DS 记录，Cloudflare 会通过电子邮件通知您。

我希望它对你有帮助。