Cert issue, certificate stuck in pending state

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.carrefouruae.com

We are getting a message: "2020-07-03 16:29 GMT Let’s Encrypt: Order\u0027s status ("

You need to ask Akamai to look into it.

Let’s Encrypt orders don’t get “stuck” in a pending state, this is something that is local to the Akamai ACME client and they would be able to check the status of your order internally.

The error message Akamai gets back from LE is
{"message":"urn:ietf:params:acme:error:caa","detail":"Error finalizing order :: While processing CAA for www.carrefourjordan.com: DNS problem: SERVFAIL looking up CAA for carrefourjordan.com - the domain\u0027s nameservers may be malfunctioning"}

Order URL: https://acme-v02.api.letsencrypt.org/acme/order/131/4110433235

What is the proper lookup we should do for CAA records so we can avoid this issue? I am assured that none of the domains in this order have CAA records.

Akamai retried this with a new order and this time it succeeded. Nothing changed about the CAA records, as far as I know.

New order URL: https://acme-v02.api.letsencrypt.org/acme/order/131/4114006495

Hi @tiday

Checking your domain, that's curious. Unboundtest - no error, not non-www, not www. Same with a local unbound-instance.

But checking your domain via https://check-your-website.server-daten.de/?q=carrefourjordan.com there is a problem visible.

One name server is buggy:

Some X - Warnings:

X Fatal error: Nameserver doesn't support TCP connection: keu.carrefour.com / 213.137.173.17: Timeout
X Fatal error: Nameserver doesn't support TCP connection: keu.carrefour.com / 2a00:2000:4701:d::1: Timeout
X Nameserver Timeout checking Echo Capitalization: keu.carrefour.com / 213.137.173.17
X Nameserver Timeout checking Echo Capitalization: keu.carrefour.com / 2a00:2000:4701:d::1
X Nameserver Timeout checking EDNS512: keu.carrefour.com / 213.137.173.17
X Nameserver Timeout checking EDNS512: keu.carrefour.com / 2a00:2000:4701:d::1

So checking the CAA record if that name server is used -> Servfail. If other name servers are used -> no problem.
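
The per-nameserver check described in the last reply can be reproduced with a short script. This is an added example, not part of the original thread or of any tool mentioned in it: it sends a CAA query directly to each authoritative nameserver over both UDP and TCP and lists the servers that fail or return SERVFAIL. The function names are illustrative; pass the domain and the nameserver addresses on the command line.

```python
import socket, struct, sys

# Added example: function names are illustrative, not from any tool in the thread.
CAA = 257  # RR type number for CAA (RFC 8659)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=CAA, txid=0x1234):
    """Wire-format query for `name`, RD=0 as sent to an authoritative server."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"
    return struct.pack("!6H", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def parse_status(response):
    """Return 'RCODE/answers=N' from the header of a raw DNS response."""
    _, flags, _, ancount = struct.unpack("!4H", response[:8])
    return f"{RCODES.get(flags & 0xF, flags & 0xF)}/answers={ancount}"

def probe(server, name, tcp, timeout=3.0):
    """Send one CAA query to `server` over UDP or TCP and report the outcome."""
    query = build_query(name)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    kind = socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM
    try:
        with socket.socket(family, kind) as s:
            s.settimeout(timeout)
            s.connect((server, 53))
            if tcp:  # DNS over TCP prefixes each message with a 2-byte length
                s.sendall(struct.pack("!H", len(query)) + query)
                reader = s.makefile("rb")
                (size,) = struct.unpack("!H", reader.read(2))
                return parse_status(reader.read(size))
            s.send(query)
            return parse_status(s.recv(4096))
    except (OSError, struct.error) as exc:  # timeout, refusal, short read
        return f"FAILED ({type(exc).__name__})"

def unhealthy(results):
    """Servers where either transport failed or returned SERVFAIL."""
    bad = ("FAILED", "SERVFAIL")
    return sorted(s for s, pair in results.items() if any(r.startswith(bad) for r in pair))

if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: caa_probe.py DOMAIN NAMESERVER_IP [NAMESERVER_IP ...]")
    domain, servers = sys.argv[1], sys.argv[2:]
    results = {s: (probe(s, domain, False), probe(s, domain, True)) for s in servers}
    for server, (udp, tcp) in results.items():
        print(f"{server}: UDP {udp} | TCP {tcp}")
    print("failing or SERVFAIL:", unhealthy(results))
```

A nameserver that shows `FAILED` on the TCP column while its siblings answer `NOERROR` matches the situation in the checker output above, where the result depends on which nameserver the resolver happens to pick.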