Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: www.gov.co
I ran this command: is an Akamai certificate
We need status of request.
That's a known problem. The gov.co zone has a completely wrong SOA entry:
A domain with the suffix .local can't be a publicly visible domain.
A name server with that suffix isn't visible.
--> It's a completely wrong configuration.
PS: There were older topics with the same problem -
SOA record shouldn’t be a problem. It’s weird, but regular DNS resolution doesn’t do anything with the
There’s also an NS record for acadcpr30.mcdmintic.local. That’s not good, but it shouldn’t cause significant problems.
However, that leaves the www.gov.co zone with one real nameserver,
I think the problem is that that nameserver does not support TCP.
The NODATA response for CAA – i.e. “dig +dnssec +norecurse @220.127.116.11 www.gov.co caa” – is 539 bytes.
Let’s Encrypt’s resolvers use a maximum size of 512 bytes, otherwise TCP must be used.
@mresendiz, you should fix TCP support on your nameserver and get Akamai to try again. (You should also get more nameservers!)
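A check for the failure mode described in the post above, as an added example that is not part of the original thread: it sends the same non-recursive CAA query with the DO bit and a 512-byte EDNS buffer, and if the reply comes back truncated it retries over TCP. The function names and return labels are this example's own.

```python
import socket
import struct

CAA = 257   # RR type CAA
OPT = 41    # EDNS0 pseudo-RR; its CLASS field carries the UDP payload size

def build_query(name, qtype=CAA, udp_size=512, dnssec_ok=True, qid=0x1234):
    """Non-recursive query (RD=0, like +norecurse) with an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 1)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)
    ttl = 0x00008000 if dnssec_ok else 0   # DO bit sits in the OPT TTL field
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, ttl, 0)
    return header + question + opt

def is_truncated(response):
    """True when the TC bit is set, i.e. the answer did not fit in UDP."""
    flags = struct.unpack("!H", response[2:4])[0]
    return bool(flags & 0x0200)

def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the TCP connection early")
        buf += chunk
    return buf

def check_nameserver(server, name, timeout=5.0):
    """Return 'udp-ok', 'tcp-ok' or 'tcp-failed' for a CAA lookup."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        reply, _ = udp.recvfrom(4096)
    if not is_truncated(reply):
        return "udp-ok"
    try:
        # DNS over TCP prefixes each message with a 2-byte length.
        with socket.create_connection((server, 53), timeout=timeout) as tcp:
            tcp.sendall(struct.pack("!H", len(query)) + query)
            size = struct.unpack("!H", recv_exact(tcp, 2))[0]
            recv_exact(tcp, size)
        return "tcp-ok"
    except OSError:
        return "tcp-failed"
```

A result of `tcp-failed` from `check_nameserver(server, "www.gov.co")` against an authoritative server means a resolver limited to 512 bytes over UDP cannot complete the CAA lookup.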
shows an NS: acadcpr30.mcdmintic.local
That should probably NOT be shown on the public side.
is even worse:
gov.co has a CNAME record pointing to www.gov.co. It’s unusual but valid.
Yes “I” saw that - but it seems that “others” don’t look as closely nor like what they see.