Could not issue an SSL/TLS certificate for rocavivaholding.com

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.rocavivaholding.com

I ran this command: create certificate

It produced this output:

Could not issue an SSL/TLS certificate for rocavivaholding.com
Details
Could not issue a Let's Encrypt SSL/TLS certificate for rocavivaholding.com . Authorization for the domain failed.
Details
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/7705666718.

Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: SERVFAIL looking up A for rocavivaholding.com - the domain's nameservers may be malfunctioning

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: neruhost.com

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2 Likes

You've got bogus DNSSEC delegation. A good DNSSEC delegation is mandatory. See https://dnsviz.net/d/rocavivaholding.com/dnssec/ for more information.

3 Likes

Hi @Martatiach

your DNSSEC is broken - see https://check-your-website.server-daten.de/?q=rocavivaholding.com

2020-10-06.rocavivaholding.com

Your parent zone says: You use DNSSEC.

But your zone isn't signed. So Letsencrypt can't find an ip address.

Update your DNSSEC.

1 Like