Hi, I have problems to renew via AutoSSL the Let´sEncrypt certificate of my site: entrenandofacilitadores.com, which worked fine ( I think) until I changed de DNS Nameservers indicated by my hosting provider.
This domain, is configurated as an ADDOn Domain of an main domain.
I wil be grateful to receive help, since I do not dominate this topic in depth.
An error occurred the last time AutoSSL ran, on 31 de octubre de 2018:_
MASTER DCV: DNS problem: SERVFAIL looking up A for entrenandofacilitadores.com (urn:acme:error:dns) DNS problem: SERVFAIL looking up TXT for _acme-challenge.entrenandofacilitadores.com (urn:acme:error:dns)
Note: in the Zone editor of my domain, I see an A Record for: entrenandofacilitadores.com, and a TXT Record for: _acme-challenge.entrenandofacilitadores.com.
My web server is (include version):
The operating system my web server runs on is (include version):
Versión Apache:2.4.35
Versión PHP:5.6.38
Versión MySQL:5.6.41
Arquitectura:x86_64
Sistema operativo:linux
Dirección IP compartida:192.154.97.34
My hosting provider, if applicable, is:Lifetime.hosting
I can login to a root shell on my machine (yes ):
I’m using a control panel to manage my site: Cpanel version 76.0 (build 1)
checked with nslookup - no problem. But checked with letsdebug:
DNS response for entrenandofacilitadores.com had fatal DNSSEC issues: validation failure <entrenandofacilitadores.com. CAA IN>: No DNSKEY record from 167.99.13.233 for key entrenandofacilitadores.com. while building chain of trust
You have to either remove the DS record at your domain registrar (CDmon) to completely disable DNSSEC, or enable it at your DNS provider (Lifetime.Hosting), if they support it. (You may have to change the DS record, too.)
Watching my Registrar (CDmon), I didn´t find any DS Record and DNSSEC function, and in my DNS provider I did´n t see that suport it.
I will continue investigating to find some clue.
Thanks again, if you have any other possible idea.