Acme: error code 400

My domain is: aberfeldysteamie.co.uk and another one same issue nopressureclean.co.uk

I was trying to make SSL certification in cpanel for my domain but I keep getting this error.

acme: error code 400 urn:ietf:params:acme:error:dns: DNS problem: SERVFAIL looking up A for aberfeldysteamie.co.uk - the domains nameservers may be malfunctioning (order URL: https://acme-v02.api.letsencrypt.org/acme/order/96631444/5216510182)

If I click on the link below it says invalid is that mean the ssl status is invalid or the domain itself?

Please advice
Thanks

Hi @fbnhosting

there is a check of your domain, created yesterday - https://check-your-website.server-daten.de/?q=aberfeldysteamie.co.uk

Your DNSSEC is broken:

So there is an ip address, but Letsencrypt can't use it -> Servfail.

Remove your DNSSEC or update it, so it's a valid DNSSEC configuration.

Thanks for your quick reply, I went to check it in cpanel and I can generate a DNSSEC key but I have to let my registrar finish it.
Once they made what they have to I will try it again.

PS: In this case the nopressureclean.co.uk domain could be the same issue?

Thanks

See your check result - https://check-your-website.server-daten.de/?q=nopressureclean.co.uk

Same message:

Fatal error: Parent zone has a signed DS RR (Algorithm 13, KeyTag 31841, DigestType 2, Digest O1m+IDPSV2PB7AcP4+YFiZSsOvPgndH5lnSALdHu9d4=), but the destination DNSKEY doesn't exist or doesn't validate the DNSKEY RR set. No chain of trust created.

If there is a DS in the parent zone, there must be a DNSKEY in the current zone with matching values, that DNSKEY must validate the DNSKEY set.

If not, there is no chain of trust -> DNSSEC is broken.

Again, thanks for your quick replay
Hope this information will help to fix the issue.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.