DNS problem: SERVFAIL looking up A for astrophoenix.com

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: astrophoenix.com

I ran this command:

certbot certonly --agree-tos --rsa-key-size 4096 --renew-by-default -m kevin@astrophoenix.com --webroot -w /home/kevin/public_html/ -d astrophoenix.com --renew-by-default --test-cert

It produced this output:

Failed authorization procedure. astrophoenix.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for astrophoenix.com

IMPORTANT NOTES:

My web server is (include version):

apache 2.4.18-2ubuntu3.5

The operating system my web server runs on is (include version):

ubuntu 16.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

http://dnsviz.net/d/astrophoenix.com/dnssec/

The domain has DS records, indicating it supports DNSSEC.

$ dig +dnssec +short astrophoenix.com ds
453 7 1 E2E8B2A9570CC6C7A29FEA758355F6F6BF8F8AA6
39585 7 1 FCF1499B0169803982B98D58FDB80824AD6332CD
DS 8 2 86400 20171101042249 20171025031249 11324 com. fpcG4ElaWkU8PQX7BI66NUp3iRSvxwsETv0ypTTOfJTAA0y5GvINQJol z7dIPXiAnXzdvR2an+y7ucqj35AR7oUtFZEWPtRXEn7fkiCbxtSfupW0 ekUxpMP9UZVLLkfpGjKH+2UC1loZd79Lw5e+vWRRI7H6Iqw5Sxk2N4bt VlM=

However, the domain’s authoritative DNS servers are not doing DNSSEC.

$ dig +cd +dnssec +short astrophoenix.com dnskey

You need to set up DNSSEC on the DNS servers, or go to your registrar and remove the DS records.

2 Likes
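The check described in the reply above, as an added example that is not part of the original thread: it takes the text of `dig +short <zone> ds` and `dig +cd +short <zone> dnskey` and reports whether any DS at the parent points at a key the zone actually publishes. The function names and result labels are made up for this sketch, and it only checks DS-to-DNSKEY linkage, not RRSIG signatures.

```python
import base64, hashlib, struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types

def rows(text):
    """Split dig +short output into fields, dropping RRSIG lines (they start with a type name)."""
    return [f for f in (l.split() for l in text.splitlines()) if len(f) >= 4 and f[0].isdigit()]

def wire_name(zone):
    """Canonical lower-case wire form of the owner name."""
    labels = [l for l in zone.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_for(zone, rdata, dtype):
    """The DS tuple (tag, alg, digest type, HEX digest) matching one DNSKEY RDATA."""
    digest = DIGESTS[dtype](wire_name(zone) + rdata).hexdigest().upper()
    return (key_tag(rdata), rdata[3], dtype, digest)

def check_chain(zone, ds_text, dnskey_text):
    """Classify the parent DS set against the child DNSKEY set."""
    ds = {(int(f[0]), int(f[1]), int(f[2]), "".join(f[3:]).upper()) for f in rows(ds_text)}
    keys = [struct.pack("!HBB", *map(int, f[:3])) + base64.b64decode("".join(f[3:]))
            for f in rows(dnskey_text)]
    if not ds:
        return "insecure"         # no DS at the parent: resolvers do not expect signatures
    if not keys:
        return "bogus-no-dnskey"  # the situation in this thread: validators answer SERVFAIL
    if any(ds_for(zone, k, d[2]) == d for k in keys for d in ds if d[2] in DIGESTS):
        return "linked"           # at least one DS points at a published key
    return "bogus-no-match"       # keys exist, but none is the one the parent vouches for

# DS lines as shown in the dig output above; the DNSKEY answer there was empty.
PAGE_DS = """453 7 1 E2E8B2A9570CC6C7A29FEA758355F6F6BF8F8AA6
39585 7 1 FCF1499B0169803982B98D58FDB80824AD6332CD"""

if __name__ == "__main__":
    print(check_chain("astrophoenix.com", PAGE_DS, ""))
```

Either "bogus" result means a validating resolver, such as the one the CA uses, will fail the lookup until the DS records are removed at the registrar or matching keys are published.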

Thank you, that worked. I have a cert now!

1 Like
