Azuracast letsencrypt error

insha · April 21, 2026, 9:53am

I ran this command:

It produced this output:
[2026-04-21T09:50:01.667027+00:00] AzuraCast.DEBUG: ACME: Using directory URL: https://acme-v02.api.letsencrypt.org/directory
[2026-04-21T09:50:03.942098+00:00] AzuraCast.ERROR: ACME Error: Challenge validation failed: DNS problem: looking up A for stream.balkandj.com: DNSSEC: DNSKEY Missing: validation failure <stream.balkandj.com. A IN>: No DNSKEY record [misc failure] from 173.208.224.207 for key balkandj.com. while building chain of trust; DNS problem: looking up AAAA for stream.balkandj.com: DNSSEC: DNSKEY Missing: validation failure <stream.balkandj.com. AAAA IN>: No DNSKEY record [misc failure] from 173.208.224.208 for key balkandj.com. while building chain of trust (urn:ietf:params:acme:error:dns) {"exception":"[object] (skoerfgen\ACMECert\ACME_Exception(code: 0): Challenge validation failed: DNS problem: looking up A for stream.balkandj.com: DNSSEC: DNSKEY Missing: validation failure <stream.balkandj.com. A IN>: No DNSKEY record [misc failure] from 173.208.224.207 for key balkandj.com. while building chain of trust; DNS problem: looking up AAAA for stream.balkandj.com: DNSSEC: DNSKEY Missing: validation failure <stream.balkandj.com. AAAA IN>: No DNSKEY record [misc failure] from 173.208.224.208 for key balkandj.com. while building chain of trust (urn:ietf:params:acme:error:dns) at /var/azuracast/www/vendor/skoerfgen/acmecert/src/ACMEv2.php:144)"}

My web server is (include version):
Nginx
The operating system my web server runs on is (include version):
Ubuntu 22.04
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Azuracast
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I don't know

I have tried other domains with a record point on it and I can generate sal
Just with this one I have error from last year,I just don't want to generate certificate

Osiris · April 21, 2026, 10:44am

Your DNSSEC is messed up. See stream.balkandj.com | DNSViz for more info.

Specifically, the .com. zone expects balkandj.com. to be DNSSEC enabled, but it's not.

insha · April 21, 2026, 10:59am

Thank you,whoever you are

Osiris · April 21, 2026, 11:27am

Note that this is not a Let's Encrypt isolated problem: if users with a DNSSEC enabled DNS resolver try to access your site, they'd get an DNS error, even before the whole TLS certificate stuff gets into play.

insha · April 21, 2026, 8:42pm

Oh how can we prevent this in future ?

Osiris · April 21, 2026, 8:43pm

Fix DNSSEC for your domain by either adding it to your zone or removing the DS record for your domain from the .com. zone.

insha · April 21, 2026, 9:04pm

Do you know powerdns ?

Osiris · April 21, 2026, 9:34pm

Configuring a DNS server is outside of the scope of this Community.

MaxHearnden · April 21, 2026, 10:21pm

It can also be hard to diagnose PowerDNS issues as it keeps a lot of its state and config in a database which can hide issues unless you can understand the database.

If you're looking for suggestions, I'd suggest bind (BIND 9 - ISC) or knot-dns (https://www.knot-dns.cz/).

Topic		Replies	Views
DNS-01 challenge problem with Azure DNS Zone Help	15	5173	July 15, 2018
Error when activating Let's encrypt certificate Help	5	173	November 22, 2025
DNSLookup Failed: No DNSKEY record Help	5	4770	February 27, 2022
Problem with DNS of my Website Help	3	888	July 26, 2018
Error: Let's Encrypt validation status 400 Help	4	21351	September 13, 2019

Azuracast letsencrypt error

Related topics