Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nicosiamarathonrun.com

I ran this command: certbot --expand -d www.nicosiamarathonrun.com

It produced this output: DNS problem: SERVFAIL looking up A for nicosiamarathonrun.com

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine : yep yep

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Now… I ran the site through the checker:

https://letsdebug.net/nicosiamarathonrun.com/74251?debug=y

And as of now, the challange is failing. I tried setting the WordPress URL to be nicosiamarathonrun.com but that still kept producing the same error. Now I set it back to our. staging server, so we don’t get people the SSL error message

Full info:

Main Domain: nicosiamarathonrun.com
Staging: nicosia.codeero.dev
Wordpress URL: nicosia.codeero.dev

Hi @julianengel

your name server configuration is buggy - https://check-your-website.server-daten.de/?q=nicosiamarathonrun.com

Fatal: Inconsistency between delegation and zone. The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone.: dns083.d.register.com (216.21.236.83): Delegation: dns1.register.com,dns2.register.com, Zone: dns016.c.register.com,dns043.a.register.com,dns083.d.register.com,dns224.b.register.com

The name servers from register.com are known as buggy. EDNS-checks are incomplete.

The name servers listet in the parent zone should be the same list, asking one of these name servers.

Options: Change your domain provider.

Hi!

Thanks so much for your swift reply! Would simply changing the name servers resolve this issue?

Uff… This is a client with an existing domain unfortunately…

May be. The name server configuration shouldn't be so buggy.

Most name servers are good. But that's

Fatal: Inconsistency between delegation and zone.

bad. Read

https://www.iana.org/help/nameserver-requirements

Consistency between delegation and zone

The set of NS records served by the authoritative name servers must match those proposed for the delegation in the parent zone.

So it's a basic requirement -> if that hoster has so bad name servers, change the hoster -> or accept the problems.

Yes… It was.

It unfortunately was. What solved this issue for us was changing the nameservers to Cloudflare. It was quick, it was free… and it fixed the issue. 2 hours later we had an SSL certificate.

Now that we’re up and running, we can

bad. Read

Yes… It was.

May be. The name server configuration shouldn’t be so buggy.

It unfortunately was. What solved this issue for us was changing the nameservers to Cloudflare. It was quick, it was free… and it fixed the issue. 2 hours later we had an SSL certificate.

Now that we’re up and running, we can look at transfering the domain to a proper registrar.

Thank you once again!

@JuergenAuer, @julianengel
I just came across this regarding a security breach at Register.com (and NetworkSolutions.com and Web.com) that had occurred back in August. It’s suggested you reset your password with them.
https://krebsonsecurity.com/2019/10/breaches-at-networksolutions-register-com-and-web-com/

Happy to read that it has worked.

Yep, buggy name servers are terrible. And they may block creating certificates.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.