certbot SERVFAIL looking up A fordomain

Question

I used certbot to generate a certificate for a domain, it worked great the first time. After that I changed my amazon ec2 instance (amazon linux) for an other region. So I changed the A record for the subdomain and now i can't generate a certificate on the new instance because of DNS issue

certbot-auto certonly --debug --standalone -d dev.******.com

2016-07-19 17:03:29,603:DEBUG:certbot.main:Root logging level set at 30
2016-07-19 17:03:29,604:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-07-19 17:03:29,604:DEBUG:certbot.main:certbot version: 0.8.1
2016-07-19 17:03:29,604:DEBUG:certbot.main:Arguments: ['--debug', '--standalone', '-d', 'dev.********.com']
2016-07-19 17:03:29,605:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-07-19 17:03:29,609:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
2016-07-19 17:03:29,804:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Automatically use a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7f0133b10d10>
Prep: True
2016-07-19 17:03:29,806:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7f0133b10d10> and installer None
2016-07-19 17:03:29,942:DEBUG:certbot.main:Picked account: <Account(388bf562a96cea8013b7660447da660e)>
2016-07-19 17:03:29,943:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-07-19 17:03:29,946:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-07-19 17:03:30,132:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 280
2016-07-19 17:03:30,133:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '280', 'Expires': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Boulder-Request-Id': 'A4t6LE9szTZDv0FuCE7bQnICx2zyVtRVeQacSWenKUE', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'VLinxcmE9YznBxpdisr5YqFQqf9KFT3grGMLfwvD3Jg'}. Content: '{\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2016-07-19 17:03:30,133:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '280', 'Expires': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Boulder-Request-Id': 'A4t6LE9szTZDv0FuCE7bQnICx2zyVtRVeQacSWenKUE', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'VLinxcmE9YznBxpdisr5YqFQqf9KFT3grGMLfwvD3Jg'}): '{\n  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",\n  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",\n  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",\n  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"\n}'
2016-07-19 17:03:30,134:DEBUG:root:Requesting fresh nonce
2016-07-19 17:03:30,134:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2016-07-19 17:03:30,327:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2016-07-19 17:03:30,328:DEBUG:root:Received <Response [405]>. Headers: {'Content-Length': '91', 'Pragma': 'no-cache', 'Boulder-Request-Id': 'zZzFamjI7WOmh85keAw4lLd8laZfe74W1TYq3HNR7mk', 'Expires': 'Tue, 19 Jul 2016         17:03:30 GMT', 'Server': 'nginx', 'Connection': 'keep-alive', 'Allow': 'POST', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Content-Type': 'application/problem+json', 'Replay-Nonce': 'CgmdRQWWj5_PPfveAA7c1o50xkOk3entsaA27xlBwmA'}. Content: ''
2016-07-19 17:03:30,328:DEBUG:acme.client:Storing nonce: '\n\t\x9dE\x05\x96\x8f\x9f\xcf=\xfb\xde\x00\x0e\xdc\xd6\x8et\xc6C\xa4\xdd\xe9\xed\xb1\xa06\xef\x19A\xc2`'
2016-07-19 17:03:30,328:DEBUG:acme.jose.json_util:Omitted empty fields: combinations=None, challenges=None, expires=None, status=None
2016-07-19 17:03:30,329:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "xxxxxxxxxxxxx.com"}, "resource": "new-authz"}
2016-07-19 17:03:30,330:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), jwk=None, typ=None, jku=None, cty=None, x5tS256=None, x5u=None, alg=None, x5t=None
2016-07-19 17:03:30,332:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonce=None
2016-07-19 17:03:30,332:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "rKDIxM9XKqEZ69kyTl7L6l1OZuEaJRJdSje2z4VC8pJt0sxRJXu32BVy5zC7uKLDmj-pUxcR2N5zAZTD4hJC-CwavEp9IT4zsQacQK1E9aGQOewmAF54_qUJQrZal167BOmMIENKcQ-sbVz1OLAhz85oByCAXwW6T8v5qoXCPYIX7pmgp4IuI4WNBcWeBqFv3Joj78oSReZXCuJId8RqsP5DeYRNpetvqUHijj3JGiQnclnUW2iTRUuiilAkqswDqk4J4uAraLylprTt2iQYA4wLZDaC2Con_u3c62aLpYpK5J2D5ZVoGJANjAzzNfkQAhsun3h3LsXLgfZ0Z2n2aw"}}, "protected": "eyJub25jZSI6ICJDZ21kUlFXV2o1X1BQZnZlQUE3YzFvNTB4a09rM2VudHNhQTI3eGxCd21BIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJkZXYuZGlhZ25ldHdvcmsuY29tIn0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ", "signature": "lQjyTE1QljLHo1CxV6T94yrPb76ruaGDNd5ZthPI-9-rUDULu8VnCVHqO0v2ZYlfKlZUza80U6-ZFRmw4lGFaB1gK0w_jV7ONIg0dzjkTu8NEdKZ6PcMUuRdZuCbwsln9coIjy_7f5tQ7ukzSbQJXEbz6MTQ-5UALr5ft_JkSLTifwJFGtejzveY3KrpeP4WaI-hGzwLLOxjnFh_tn3Z2NdOqrTWJzGn_rqvlwX0OlG-GvcV6k9a9eK9aSK4T13Vs0N5ZYqX1IbVNHcqbgvoJ50LVUYlWWTDsihrZ4ttQl_onpmy5jRDKuQSeS8B3hVRKhgdmOh4fI9OYLjpd13Ddg"}'}
2016-07-19 17:03:30,629:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 1004
2016-07-19 17:03:30,629:DEBUG:root:Received <Response [201]>. Headers: {'Content-Length': '1004', 'Expires': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Boulder-Request-Id': 'PknRp_fwf5o0vaHUpy_53-SwSKCN0Qwk0kBnm15EexI', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0', 'Pragma': 'no-cache', 'Boulder-Requester': '2692481', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'B_6L7ZtDh3CzsQtRO_e8vceSEcbZGihWBGntNZ6h_G0'}. Content: '{\n  "identifier": {\n    "type": "dns",\n    "value": "xxxxxxxxxxxxxxx.com"\n  },\n  "status": "pending",\n  "expires": "2016-07-26T17:03:30.455575285Z",\n  "challenges": [\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466859",\n      "token": "6Z6vCV4zSvxn5U6WxpUcf2imTMT5kLj7rbRN5fmF9GI"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860",\n      "token": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI"\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466861",\n      "token": "G581_pOSgF203q69BWk8tmHt1YH8lMLAidtBBQ90vnQ"\n    }\n  ],\n  "combinations": [\n    [\n      0\n    ],\n    [\n      2\n    ],\n    [\n      1\n    ]\n  ]\n}'
2016-07-19 17:03:30,629:DEBUG:acme.client:Storing nonce: '\x07\xfe\x8b\xed\x9bC\x87p\xb3\xb1\x0bQ;\xf7\xbc\xbd\xc7\x92\x11\xc6\xd9\x1a(V\x04i\xed5\x9e\xa1\xfcm'
2016-07-19 17:03:30,630:DEBUG:acme.client:Received response <Response [201]> (headers: {'Content-Length': '1004', 'Expires': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Boulder-Request-Id': 'PknRp_fwf5o0vaHUpy_53-SwSKCN0Qwk0kBnm15EexI', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/authz/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0', 'Pragma': 'no-cache', 'Boulder-Requester': '2692481', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': 'B_6L7ZtDh3CzsQtRO_e8vceSEcbZGihWBGntNZ6h_G0'}): '{\n  "identifier": {\n    "type": "dns",\n    "value": "xxxxxxxxxxxxxxxxxxxx.com"\n  },\n  "status": "pending",\n  "expires": "2016-07-26T17:03:30.455575285Z",\n  "challenges": [\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466859",\n      "token": "6Z6vCV4zSvxn5U6WxpUcf2imTMT5kLj7rbRN5fmF9GI"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860",\n      "token": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI"\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466861",\n      "token": "G581_pOSgF203q69BWk8tmHt1YH8lMLAidtBBQ90vnQ"\n    }\n  ],\n  "combinations": [\n    [\n      0\n    ],\n    [\n      2\n    ],\n    [\n      1\n    ]\n  ]\n}'
2016-07-19 17:03:30,630:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'6Z6vCV4zSvxn5U6WxpUcf2imTMT5kLj7rbRN5fmF9GI', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466859'}
2016-07-19 17:03:30,630:INFO:certbot.auth_handler:Performing the following challenges:
2016-07-19 17:03:30,631:INFO:certbot.auth_handler:tls-sni-01 challenge for xxxxxxxxxxxxxxxxxxxx.com
2016-07-19 17:03:30,643:INFO:certbot.auth_handler:Waiting for verification...
2016-07-19 17:03:30,643:DEBUG:acme.client:Serialized JSON: {"keyAuthorization": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI.B7zuU4v6Umg0TGs8jOHl_ihptyLw9pPsE1dRzUZoOu0", "type": "tls-sni-01", "resource": "challenge"}

2016-07-19 17:03:30,644:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), jwk=None, typ=None, jku=None, cty=None, x5tS256=None, x5u=None, alg=None, x5t=None
2016-07-19 17:03:30,646:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonce=None
2016-07-19 17:03:30,646:DEBUG:root:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "rKDIxM9XKqEZ69kyTl7L6l1OZuEaJRJdSje2z4VC8pJt0sxRJXu32BVy5zC7uKLDmj-pUxcR2N5zAZTD4hJC-CwavEp9IT4zsQacQK1E9aGQOewmAF54_qUJQrZal167BOmMIENKcQ-sbVz1OLAhz85oByCAXwW6T8v5qoXCPYIX7pmgp4IuI4WNBcWeBqFv3Joj78oSReZXCuJId8RqsP5DeYRNpetvqUHijj3JGiQnclnUW2iTRUuiilAkqswDqk4J4uAraLylprTt2iQYA4wLZDaC2Con_u3c62aLpYpK5J2D5ZVoGJANjAzzNfkQAhsun3h3LsXLgfZ0Z2n2aw"}}, "protected": "eyJub25jZSI6ICJCXzZMN1p0RGgzQ3pzUXRST19lOHZjZVNFY2JaR2loV0JHbnROWjZoX0cwIn0", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogImJaanllcTM0LWZfVDRiVWN5MURWaFBibnZfQ2FuU3UxYzVQVWV6cmhqcUkuQjd6dVU0djZVbWcwVEdzOGpPSGxfaWhwdHlMdzlwUHNFMWRSelVab091MCIsICJ0eXBlIjogInRscy1zbmktMDEiLCAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIn0", "signature": "kZkv-CFLZH31z3kZ1naF7g41XcslUbVBPH42wptZzlov3_rWom-N8appf_eaLQ2P7lMVE89-gyM7fHmoWHl0Gpmkk4Xgmer9L4QdQyVixn60mm-1q6QMsWXT35e7Z7zokfUsOYkXQiEImIwZ0sxBc59dzxGIX7LhDFePZfyeZvH4_P0nUgpCgRqqXTni-O32stAM0i00GxLdg0kikc3UVD09iCU6sUpKpXc3kQHNLlkIkfiNN6zAngBnWDAgSMhquYKas2kk0hxnJw1UguyY9Ieu8Kd6vExi3U-yjGVOL2hVP3LkU46GS8eqvphC1mlndILGM-3VD1UYtwNAIsQt_A"}'}
2016-07-19 17:03:30,902:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860 HTTP/1.1" 202 338
2016-07-19 17:03:30,902:DEBUG:root:Received <Response [202]>. Headers: {'Content-Length': '338', 'Boulder-Request-Id': 'qq5g3DMMDllSKoWuHRIRSY5oy9RNvpHZ9uF_zzYEeuk', 'Expires': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/authz/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0>;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860', 'Pragma': 'no-cache', 'Boulder-Requester': '2692481', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'VHPW9aR8jmuShp8pFrFuxFiQapbdip6SYQNzBaC-b7Y'}. Content: '{\n  "type": "tls-sni-01",\n  "status": "pending",\n  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860",\n  "token": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI",\n  "keyAuthorization": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI.B7zuU4v6Umg0TGs8jOHl_ihptyLw9pPsE1dRzUZoOu0"\n}'
2016-07-19 17:03:30,903:DEBUG:acme.client:Storing nonce: 'Ts\xd6\xf5\xa4|\x8ek\x92\x86\x9f)\x16\xb1n\xc4X\x90j\x96\xdd\x8a\x9e\x92a\x03s\x05\xa0\xbeo\xb6'
2016-07-19 17:03:30,903:DEBUG:acme.client:Received response <Response [202]> (headers: {'Content-Length': '338', 'Boulder-Request-Id': 'qq5g3DMMDllSKoWuHRIRSY5oy9RNvpHZ9uF_zzYEeuk', 'Expires': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Server': 'nginx', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/authz/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0>;rel="up"', 'Location': 'https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860', 'Pragma': 'no-cache', 'Boulder-Requester': '2692481', 'Date': 'Tue, 19 Jul 2016 17:03:30 GMT', 'Content-Type': 'application/json', 'Replay-Nonce': 'VHPW9aR8jmuShp8pFrFuxFiQapbdip6SYQNzBaC-b7Y'}): '{\n  "type": "tls-sni-01",\n  "status": "pending",\n  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860",\n  "token": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI",\n  "keyAuthorization": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI.B7zuU4v6Umg0TGs8jOHl_ihptyLw9pPsE1dRzUZoOu0"\n}'
2016-07-19 17:03:33,906:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0. args: (), kwargs: {}
2016-07-19 17:03:34,184:DEBUG:requests.packages.urllib3.connectionpool:"GET /acme/authz/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0 HTTP/1.1" 200 1473
2016-07-19 17:03:34,185:DEBUG:root:Received <Response [200]>. Headers: {'Content-Length': '1473', 'Expires': 'Tue, 19 Jul 2016 17:03:34 GMT', 'Boulder-Request-Id': 'kbximz8gXN1-tbWUpkkxA5s9PyXQMnZ3DM2mztNnv00', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 19 Jul 2016 17:03:34 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': '9rCskcPn_HaHylVaCH-VViSBt78YdDh-I10sX5UlXak'}. Content: '{\n  "identifier": {\n    "type": "dns",\n    "value": "xxxxxxxxxxxxxxxxxxxx.com"\n  },\n  "status": "invalid",\n  "expires": "2016-07-26T17:03:30Z",\n  "challenges": [\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466859",\n      "token": "6Z6vCV4zSvxn5U6WxpUcf2imTMT5kLj7rbRN5fmF9GI"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "invalid",\n      "error": {\n        "type": "urn:acme:error:connection",\n        "detail": "DNS problem: SERVFAIL looking up A for xxxxxxxxxxxxxxxxxxxx.com",\n        "status": 400\n      },\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860",\n      "token": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI",\n      "keyAuthorization": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI.B7zuU4v6Umg0TGs8jOHl_ihptyLw9pPsE1dRzUZoOu0",\n      "validationRecord": [\n        {\n          "hostname": "xxxxxxxxxxxxxxxxxxxx.com",\n          "port": "",\n          "addressesResolved": null,\n          "addressUsed": ""\n        }\n      ]\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466861",\n      "token": "G581_pOSgF203q69BWk8tmHt1YH8lMLAidtBBQ90vnQ"\n    }\n  ],\n  "combinations": [\n    [\n      0\n    ],\n    [\n      2\n    ],\n    [\n      1\n    ]\n  ]\n}'
2016-07-19 17:03:34,185:DEBUG:acme.client:Received response <Response [200]> (headers: {'Content-Length': '1473', 'Expires': 'Tue, 19 Jul 2016 17:03:34 GMT', 'Boulder-Request-Id': 'kbximz8gXN1-tbWUpkkxA5s9PyXQMnZ3DM2mztNnv00', 'Strict-Transport-Security': 'max-age=604800', 'Server': 'nginx', 'Connection': 'keep-alive', 'Link': '<https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Tue, 19 Jul 2016 17:03:34 GMT', 'X-Frame-Options': 'DENY', 'Content-Type': 'application/json', 'Replay-Nonce': '9rCskcPn_HaHylVaCH-VViSBt78YdDh-I10sX5UlXak'}): '{\n  "identifier": {\n    "type": "dns",\n    "value": "xxxxxxxxxxxxxxxxxxxx.com"\n  },\n  "status": "invalid",\n  "expires": "2016-07-26T17:03:30Z",\n  "challenges": [\n    {\n      "type": "dns-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466859",\n      "token": "6Z6vCV4zSvxn5U6WxpUcf2imTMT5kLj7rbRN5fmF9GI"\n    },\n    {\n      "type": "tls-sni-01",\n      "status": "invalid",\n      "error": {\n        "type": "urn:acme:error:connection",\n        "detail": "DNS problem: SERVFAIL looking up A for xxxxxxxxxxxxxxxxxxxx.com",\n        "status": 400\n      },\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466860",\n      "token": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI",\n      "keyAuthorization": "bZjyeq34-f_T4bUcy1DVhPbnv_CanSu1c5PUezrhjqI.B7zuU4v6Umg0TGs8jOHl_ihptyLw9pPsE1dRzUZoOu0",\n      "validationRecord": [\n        {\n          "hostname": "xxxxxxxxxxxxxxxxxxxx.com",\n          "port": "",\n          "addressesResolved": null,\n          "addressUsed": ""\n        }\n      ]\n    },\n    {\n      "type": "http-01",\n      "status": "pending",\n      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466861",\n      "token": "G581_pOSgF203q69BWk8tmHt1YH8lMLAidtBBQ90vnQ"\n    }\n  ],\n  "combinations": [\n    [\n      0\n    ],\n    [\n      2\n    ],\n    [\n      1\n    ]\n  ]\n}'
2016-07-19 17:03:34,186:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u'status': u'pending', u'token': u'6Z6vCV4zSvxn5U6WxpUcf2imTMT5kLj7rbRN5fmF9GI', u'type': u'dns-01', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/C8A3Age_Z-MjpcLCotd2af-iWSl02mOqRcBgpacQSw0/184466859'}
2016-07-19 17:03:34,186:INFO:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: xxxxxxxxxxxxxxxxxxxx.com
Type:   connection
Detail: DNS problem: SERVFAIL looking up A for xxxxxxxxxxxxxxxxxxxx.com

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2016-07-19 17:03:34,186:INFO:certbot.auth_handler:Cleaning up challenges
2016-07-19 17:03:34,187:DEBUG:certbot.plugins.standalone:Stopping server at 0.0.0.0:443...
2016-07-19 17:03:34,646:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
  File "/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/main.py", line 744, in main
    return config.func(config, plugins)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/main.py", line 555, in obtain_cert
_, action = _auth_from_domains(le_client, config, domains, lineage)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/main.py", line 94, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/client.py", line 276, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/client.py", line 247, in obtain_certificate
self.config.allow_subset_of_names)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/auth_handler.py", line 74, in get_authorizations
self._respond(resp, best_effort)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/auth_handler.py", line 131, in _respond
self._poll_challenges(chall_update, best_effort)
  File "/home/ec2-user/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/auth_handler.py", line 195, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. xxxxxxxxxxxxxxxxxxxx.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for xxxxxxxxxxxxxxxxxxxx.com

If you have an idea.... I'm completly lost

Answer 1

The issue was due to DNSSEC. DNSSEC was activated on the domain because my first registrar could support this option. When I change my registrar for Amazon Route 53, DNSSEC was still activated but Amazon Route 53 don't support this option. Instead of remove the option or a clear warning, Amazon put this information in a tooltip of a lost page... "DNSSEC is activated but not yet supported by Route 53" UI is not their best skill.

Thanks for your help anyway !

Answer 2

Two things can happened to result in such error: - You domain DNS records are too new and not listed on all DNS servers yet. If the problem is this, it would be soled by itself if you give it some time such as 2days. - DS record stops your domain from being validated. This was my case and one of my .eu domains couldn't go through Let's Encrypt certbot. I wasn't aware that there is a DS record among my DNS records for this domain. As soon as I removed it, my domain get verified ad installed SSL Certs using certbot. To check for this problem login to your domain panel. Go to DNS Zone File. Look for DS record. Remove and save your Zone File if there is any record there. If this is difficult for you, try to register your domain at cloudflare.com. If your domain has DS record Cloudflare will email you about it.

I hope it helps you.