DNS problem: SERVFAIL looking up A (broken DNSSEC)

Hello i’ve see same problem i cannot add LetS Encrypt ssl for my domain.
How Can I do ?

Error: Could not issue a Let’s Encrypt SSL/TLS certificate for cepforum.com . Authorization for the domain failed.
Details

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/1056205295.
Details:
Type: urn:ietf:params:acme:error:dns
Status: 400
Detail: DNS problem: SERVFAIL looking up A for cepforum.com

Hi @netcommander

your DNSSEC is broken - https://check-your-website.server-daten.de/?q=cepforum.com

com

Your parent zone has two DS RR, but your zone doesn’t have the required DNSKEY set.

Same result using https://dnssec-analyzer.verisignlabs.com/cepforum.com

So there is no chain of trust, so it’s not possible to find a signed A- or AAAA-record (ip address).

Did you change your hoster? Perhaps your old hoster had DNSSEC support, your new not -> your new hoster must remove the DS records in the parent zone or add a correct DNSSEC to your zone.

PS: I’ve moved your question to a new topic. The other topic - there were buggy name servers. Your topic - DNSSEC is broken.

1 Like

https://www.godaddy.com/help/manage-dnssec-for-my-domain-6115
https://www.godaddy.com/help/dnssec-faq-6135

Did you switch from “Premium DNS”?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.