DNS problem: SERVFAIL looking up CAA ... but resolves to the right IP

While trying to activate Let’s Encrypt for an hostname, we are getting the error below:

2017/07/27 02:25:42 http: TLS handshake error from [stats.coolcalc.com] failed to get certificate: acme: Error 400 - urn:acme:error:connecti
on - DNS problem: SERVFAIL looking up CAA for stats.coolcalc.com
Error Detail:
Validation for stats.coolcalc.com:443
Resolved to:

When searched this forum, I see that this error is expected if the DNS to the hostname is not resolved. Yet, the response above states that it resolves. And, I can’t see any issues when checked with http://intodns.com/coolcalc.com .

I would love to get your help on clarifying the reason behind the issue. Thanks so much,


The DNS service being used by that domain has an assortment of problems, particularly with CAA.

The service needs to be fixed, or the domain needs to be moved to a different DNS provider.

1 Like

Thanks very much for the fast response and we’ll be checking the issue now.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.