DNS problem: SERVFAIL looking up A

My domain is: zen-works.de www.zen-works.de

I ran this command: certbot --apache

It produced this output: Failed authorization procedure. zen-works.de (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for zen-works.de - the domain’s nameservers may be malfunctioning

My web server is (include version): apache 2.4

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ispconfig 3.1

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

There are several new websites on this server; certificate creation works fine.
The zen-works domain was moved from another server with another IP. Maybe that's the problem. The DNS records are OK and were changed yesterday to the new IP. My browser finds the website under the new IP. I did check the domain at dnsstuff.com: no failures or warnings.
Need help, or a hint.
Thanks
Rainer

Hi @muekno

Your DNSSEC is broken - https://check-your-website.server-daten.de/?q=zen-works.de

2020-02-19.zen-works.de

Your parent zone has a DS -> so your zone must use DNSSEC.

But there is no DNSKEY -> that’s fatal.

So a validating DNS resolver can’t find an IP address.

Did you change your DNS provider? Old - with DNSSEC, new - not?

Your DNS provider must

  • remove the DS in the parent zone (or, better)
  • add a complete signed zone
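
The delegation check described in this answer, as an added example that is not part of the original posts and not the linked checker's code: it classifies a zone from the parent's DS set and the zone's own DNSKEY set, matching by RFC 4034 key tag and SHA-256 digest. The function names are hypothetical, the key material is constructed, and RRSIG validation is not performed.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lower-case) DNS wire format of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += (b << 8) if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest_sha256(owner, rdata):
    """DS digest type 2: SHA-256 over owner name wire form + DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()

def delegation_state(owner, ds_set, dnskey_set):
    """ds_set: (key_tag, algorithm, digest_type, digest_hex) tuples from the parent.
    dnskey_set: DNSKEY RDATA byte strings served by the zone itself.
    Only digest type 2 is compared; other DS records never match here."""
    if not ds_set:
        return "insecure"  # no DS in parent: the zone is treated as unsigned
    if not dnskey_set:
        return "bogus: DS in parent but no DNSKEY in zone"  # the case in this thread
    for tag, alg, dtype, digest in ds_set:
        for rdata in dnskey_set:
            if (dtype == 2 and rdata[3] == alg and key_tag(rdata) == tag
                    and ds_digest_sha256(owner, rdata) == digest.lower()):
                return "DS matches a DNSKEY"
    return "bogus: no DNSKEY matches any DS"

# Constructed sample key (not real key material): flags 257, algorithm 13.
SAMPLE_KEY = dnskey_rdata(257, 3, 13, bytes(range(64)))
SAMPLE_DS = (key_tag(SAMPLE_KEY), 13, 2, ds_digest_sha256("zen-works.de", SAMPLE_KEY))

if __name__ == "__main__":
    zone = "zen-works.de"
    print(delegation_state(zone, [SAMPLE_DS], []))            # stale DS after a move
    print(delegation_state(zone, [], []))                     # DS removed
    print(delegation_state(zone, [SAMPLE_DS], [SAMPLE_KEY]))  # signed zone
```

A validating resolver answers SERVFAIL for a "bogus" zone, while a non-validating one still resolves it, which is why a browser can reach the site while the certificate authority cannot.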

Thank you, it is fixed now. I do not use DNSSEC, but I found there was an entry and deleted it. So now it works. Normally I check my domains with the DNSSTUFF.COM tools; they just say no DNSSEC in use.
Thank you

Rainer
