DNS problem. I have A record, what else?

I’m using https://github.com/srvrco/getssl
When I run it for getting certificate for my site, it outputs “DNS problem” error (I think it is response from letsencrypt). I have DNS A record for that domain with the right IP address. Maybe i should change something or something is missing?

We’re going to need more information than you’re providing to assist with this. Perhaps you could fill out the starter questions presented when you created this topic? They’re provided as guidelines for what sort of information is necessary to troubleshoot most issues.

In particular, knowing your domain and what command you ran would be a pretty base requirement to assist, especially with DNS issues.

My domain: wearebrighter.com
Ran command: getssl wearebrighter.com

Can you provide the exact output of that command?

wearebrighter.com: no certificate obtained from host
Registering account
Verify each domain
Verifying wearebrighter.com
copying challenge token to %PATH_TO_THE_TOKEN_(I_WON’T_LEAVE_IT_HERE)%
getssl: wearebrighter.com:Verify error: "DNS problem

That domain’s using Namebright DNS, and it looks like they haven’t fixed their CAA problems (or their other problems).

Without the full error message it’s hard to be sure, but that’s likely the problem…

1 Like

It’s almost certainly the CAA issue. I just tested and the authoritative nameservers respond to CAA requests with NOTIMP, which I believe is a failure condition for certificate authorization purposes.

@artem.komarov, you should lodge a support issue with your DNS provider and ask them to properly respond to CAA record queries. They will need to get this resolved soon in order to comply with the CA/Browser Forum deadline of September 8th for CAA record checking being mandatory.

1 Like

@artem.komarov - You might also find our new documentation page about CAA to be a helpful resource for this support discussion.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.