https://gitlab.torproject.org TLS cert failed renewal (because of dip?)
Processing gitlab.torproject.org with alternative names: dip.torproject.org
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Mar 14 08:07:39 2021 GMT (Less than 30 days). Renewing!
+ Signing domains...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 2 authorizations URLs from the CA
+ Handling authorization for dip.torproject.org
+ Handling authorization for gitlab.torproject.org
+ 2 pending challenge(s)
+ Deploying challenge tokens...
Adding challenge '_acme-challenge.dip.torproject.org. 60 IN TXT "D9Erb0N2FLwG_bomm9PQIgVeozAq2pkHgQfp9BasCdA"' for dip.torproject.org.
Adding challenge '_acme-challenge.gitlab.torproject.org. 60 IN TXT "SsI-tcqhJBwjSLdTZOPQw8zHIGXCAD0ebzYflXLfHvs"' for gitlab.torproject.org.
2021-02-13 02:00:36 /srv/dns.torproject.org/bin/update: ***** start of script *****
2021-02-13 02:00:36 /srv/dns.torproject.org/bin/update: pre flock
2021-02-13 02:00:36 /srv/dns.torproject.org/bin/update: pre git pull
2021-02-13 02:00:36 /srv/dns.torproject.org/bin/update: pre update-keys
2021-02-13 02:00:39 /srv/dns.torproject.org/bin/update: pre build-services
2021-02-13 02:00:39 /srv/dns.torproject.org/bin/update: pre for loop
2021-02-13 02:00:39 /srv/dns.torproject.org/bin/update: pre write_zonefile for 0-26.72.229.38.in-addr.arpa
2021-02-13 02:00:39 /srv/dns.torproject.org/bin/update: pre write_zonefile for 0.0.0.5.a.5.0.0.0.b.6.0.1.0.0.2.ip6.arpa
2021-02-13 02:00:39 /srv/dns.torproject.org/bin/update: pre write_zonefile for 1.0.0.0.5.0.0.0.0.0.5.8.7.0.6.2.ip6.arpa
2021-02-13 02:00:39 /srv/dns.torproject.org/bin/update: pre write_zonefile for 144-28.132.35.154.in-addr.arpa
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: pre write_zonefile for 16-28.235.45.89.in-addr.arpa
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: pre write_zonefile for 2.8.0.0.0.0.0.5.0.0.8.8.4.0.6.2.ip6.arpa
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: pre write_zonefile for 30.172.in-addr.arpa
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: pre write_zonefile for 64-28.132.35.154.in-addr.arpa
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: pre write_zonefile for 82.229.38.in-addr.arpa
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: pre write_zonefile for b.0.0.0.0.b.6.0.0.0.0.0.0.2.6.2.ip6.arpa
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: pre write_zonefile for onion-router.net
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: pre write_zonefile for rev
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: pre write_zonefile for torproject.com
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: pre write_zonefile for torproject.net
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: pre write_zonefile for torproject.org
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: pre dns-update
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: done!
2021-02-13 02:00:40 /srv/dns.torproject.org/bin/update: ***** end of script *****
Waiting for master to update torproject.org (for _acme-challenge.dip.torproject.org) from 2021021304. Currently at 2021021305..
Waiting for secondaries to update to match master at 2021021305..
Waiting for secondaries to update to match master at 2021021305..
Waiting for secondaries to update to match master at 2021021305..
Waiting for secondaries to update to match master at 2021021305..
Waiting for secondaries to update to match master at 2021021305..
Waiting for secondaries to update to match master at 2021021305..
Waiting for secondaries to update to match master at 2021021305..
Waiting for secondaries to update to match master at 2021021305..
SOA nevii.torproject.org. hostmaster.torproject.org. 2021021305 10800 3600 1814400 3601 from server 49.12.57.135 in 0 ms.
SOA nevii.torproject.org. hostmaster.torproject.org. 2021021304 10800 3600 1814400 3601 from server 194.58.198.32 in 11 ms.
SOA nevii.torproject.org. hostmaster.torproject.org. 2021021305 10800 3600 1814400 3601 from server 95.216.159.212 in 26 ms.
SOA nevii.torproject.org. hostmaster.torproject.org. 2021021305 10800 3600 1814400 3601 from server 89.45.235.22 in 29 ms.
SOA nevii.torproject.org. hostmaster.torproject.org. 2021021305 10800 3600 1814400 3601 from server 38.229.72.12 in 220 ms.
Waiting for secondaries to update to match master at 2021021305..
Waiting for secondaries to update to match master at 2021021305..
Waiting for secondaries to update to match master at 2021021305..
Waiting for secondaries to update to match master at 2021021305..
Waiting for master to update torproject.org (for _acme-challenge.gitlab.torproject.org) from 2021021304. Currently at 2021021305..
Waiting for secondaries to update to match master at 2021021305..
+ Responding to challenge for dip.torproject.org authorization...
+ Cleaning challenge tokens...
+ Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "dns-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:dns"
["error","detail"] "During secondary validation: DNS problem: query timed out looking up CAA for torproject.org"
["error","status"] 400
["error"] {"type":"urn:ietf:params:acme:error:dns","detail":"During secondary validation: DNS problem: query timed out looking up CAA for torproject.org","status":400}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10819433720/ml4sSg"
["token"] "17YzEu6Qot2YYwVVvJaW3BiY-kZXbEKU_pdiOoIrkzk"
["validationRecord",0,"hostname"] "dip.torproject.org"
["validationRecord",0] {"hostname":"dip.torproject.org"}
["validationRecord"] [{"hostname":"dip.torproject.org"}])
not sure what's going on here... maybe it's just a timeout?