DNS problem: SERVFAIL looking up A for www.cnc-watercut.com


we’re trying to issue a certificate for www.cnc-watercut.com, but get a DNS error.

DNS is set up and answers external requests correctly.

My domain is:

I ran this command:
certbot certonly --webroot -w /home/cnc-watercut/www.cnc-watercut.com/htmldocs -d www.cnc-watercut.com -d cnc-watercut.com --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cnc-watercut.com
http-01 challenge for www.cnc-watercut.com
Using the webroot path /home/cnc-watercut/www.cnc-watercut.com/htmldocs for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.cnc-watercut.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for www.cnc-watercut.com, cnc-watercut.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for cnc-watercut.com


My web server is (include version): apache24-2.4.29

The operating system my web server runs on is (include version): FreeBSD 10.4-RELEASE-p3

My hosting provider, if applicable, is: pitcom

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Thanks for your help.

Kind regards

Stefan Krause
pitcom GmbH


  1. You have DNSSEC enabled at the domain registrar
  2. Your nameservers are not setup to sign the zone

So you will either need to disable DNSSEC at the registrar, or configure your nameservers to sign your zone.


Thank you,

the certificate was issued.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.