Can't Issue a certificate for a test domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.tyt.com.ye

I ran this command: Let’s Encrypt Cert request through Plesk

It produced this output:
Could not issue an SSL/TLS certificate for tyt.com.ye
Details

Could not issue a Let’s Encrypt SSL/TLS certificate for tyt.com.ye . Authorization for the domain failed.
Details

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/3812788469.

Details:

Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: DNS problem: query timed out looking up CAA for com.ye

My web server is (include version): Plesk Obsidian

The operating system my web server runs on is (include version): Cloudlinux

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian

1 Like

Hi @moayedyagout

The name server of com.ye is buggy. Checking your domain - https://check-your-website.server-daten.de/?q=tyt.com.ye

X Fatal error: Nameserver doesn't support TCP connection: sah1.ye: ServerFailure
X Fatal error: Nameserver doesn't support TCP connection: sah1.ye / 195.94.0.34: ServerFailure
X Fatal error: Nameserver doesn't support TCP connection: sah1.ye / 2a02:e280:8:d000::34: ServerFailure
X Fatal error: Nameserver doesn't support TCP connection: sah2.ye / 2a02:e280:8:d000::35: Timeout
X Nameserver Timeout checking Echo Capitalization: sah2.ye / 2a02:e280:8:d000::35
X Nameserver Timeout checking EDNS512: sah2.ye / 2a02:e280:8:d000::35

The CAA check has no error, the TXT check has a lot of errors:

Server failure - The name server was unable to process this query due to a problem with the name server

If possible, create a CAA entry with tyt.com.ye.

Then the CAA entry of com.ye isn't checked.

If that's not possible, that's bad.

2 Likes
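Added example, not part of the original posts: a sketch of the CAA tree climbing from RFC 8659 that the reply above relies on, showing why a CAA record at tyt.com.ye keeps the check from ever reaching the timing-out com.ye zone. The resolver is a constructed in-memory stand-in for DNS, all function names are hypothetical, and `letsencrypt.org` is the issuer value Let's Encrypt recognizes in CAA records.

```python
# Added example: CAA tree climbing (RFC 8659) over a constructed in-memory "DNS".
# Record a zone file would carry:  tyt.com.ye. IN CAA 0 issue "letsencrypt.org"

class LookupTimeout(Exception):
    """Models a CAA query that gets no usable answer (timeout or SERVFAIL)."""

def make_resolver(caa_records, broken_names):
    """Hypothetical stand-in for DNS: name -> list of (flags, tag, value)."""
    def resolve_caa(name):
        if name in broken_names:
            raise LookupTimeout(f"query timed out looking up CAA for {name}")
        return caa_records.get(name, [])
    return resolve_caa

def relevant_caa_set(fqdn, resolve_caa):
    """Climb from fqdn towards the root; return the first non-empty CAA set."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        records = resolve_caa(name)   # a failed lookup aborts the whole check
        if records:
            return name, records      # stop here: parents are never queried
    return None, []                   # no CAA anywhere in the chain

def may_issue(fqdn, ca_domain, resolve_caa):
    """Return (allowed, reason) for a non-wildcard name, using 'issue' tags."""
    try:
        name, records = relevant_caa_set(fqdn, resolve_caa)
    except LookupTimeout as exc:
        return False, f"DNS problem: {exc}"
    if name is None:
        return True, "no CAA records found"
    issuers = [v.split(";")[0].strip().lower() for _f, tag, v in records if tag.lower() == "issue"]
    if not issuers or ca_domain in issuers:
        return True, f"CAA at {name} permits {ca_domain}"
    return False, f"CAA at {name} does not list {ca_domain}"

# Constructed scenario: the parent zone com.ye times out, as in the error above.
BROKEN = {"com.ye"}
without_caa = make_resolver({}, BROKEN)
with_caa = make_resolver({"tyt.com.ye": [(0, "issue", "letsencrypt.org")]}, BROKEN)

if __name__ == "__main__":
    for label, res in (("without CAA", without_caa), ("with CAA", with_caa)):
        for host in ("tyt.com.ye", "www.tyt.com.ye"):
            print(label, host, may_issue(host, "letsencrypt.org", res))
```
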

Excuse my lack of knowledge.

Let me state what I understood from your reply.

My name server (SAH1.YE) has bugs and it cannot perform TCP connections? Any ideas how to fix this?
And how should my zone file (tyt.com.ye) be written? Is there something I must add?
What’s a CAA? Is it a record I need to add to my zone file? And if yes, what should I add?

Thank You
