Reattempt dns lookup

Sometimes when creating SSL certificates it will print
Letsencrypt_Module::_verifyIP(): DNS resolver failed to return answer in 1500ms"

It’s rare and I’m using the default, DNS. If I try to create the certificate again it works.

A similar error can sometimes be seen when visiting Help > Setup Instructions. My feature request is that if the DNS resolver failed to return an answer, that it would reattempt it again before printing this error. While it may only be an inconvenience at ssl creation this might cause renewal to fail

Retrying the request would be the same as setting a higher timeout value.

This can be changed globally in config.ini:

cpcmd scope:set cp.config dns lookup_timeout 3000

Alternatively you may want to use DNS servers that have better ping response for your region. has tools to evaluate latency lookup as well as public resolver performance.

The default resolver nameservers can be overridden by setting dns_robust_nameservers:

cpcmd scope:set cp.bootstrapper dns_robust_nameservers '[,]' 
upcp -sbf common/update-config

Nameserver used by systemd-resolved in turn may be verified with resolvectl.