DNS problem: SERVFAIL looking up CAA

DNS problem: SERVFAIL looking up CAA for helpdesk.example.com

Error Output:-

Your system is not supported by certbot-auto anymore.
Certbot will no longer receive updates.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for helpdesk.example.com
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain helpdesk.example.com
http-01 challenge for helpdesk.example.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: helpdesk.example.com
Type: dns
Detail: DNS problem: SERVFAIL looking up CAA for
helpdesk.example.com - the domain's nameservers may be
malfunctioning

[root@letsencrypts-custom ~]# dig helpdesk.example.com caa

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.60.amzn1 <<>> helpdesk.example.com caa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54809
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;helpdesk.example.com. IN CAA

;; Query time: 761 msec
;; SERVER: 172.16.0.2#53(172.16.0.2)
;; WHEN: Tue Feb 9 09:43:00 2021
;; MSG SIZE rcvd: 38

But I’ve no idea why the certificate could not be generated.

Thanks for help

Hi @saravanan

please read your own result:

A CAA query of your domain produces a SERVFAIL.

So your name server software is too old and sends the wrong result. So it's impossible to check if there is a CAA entry -> it's not possible to create a certificate.

--> Update your DNS server software or switch to another DNS provider.

PS: Checked manually, only your netriplex name servers are buggy. But these are the delegated name servers, so it's fatal.

Read
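An added example, not part of the thread: a small shell check that asks each delegated name server directly for the CAA set and flags any that fail to give a definitive answer, which is the condition the reply above describes. The function names, and the assumption that the second argument is the zone whose name servers are authoritative for the name, are this example's own; the sample header is constructed from the dig output in the question.

```shell
#!/usr/bin/env bash
# Added example: per-name-server CAA health check (not from the original thread).

# Read dig output on stdin and print the RCODE from the header line,
# e.g. ";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54809" -> SERVFAIL
dig_status() {
  sed -n 's/^;; ->>HEADER<<- .*status: \([A-Z0-9]*\),.*/\1/p' | head -n 1
}

# Classify an RCODE for CAA purposes.
# NOERROR (records or an empty answer) and NXDOMAIN are definitive answers
# a CA can act on. Anything else, including no response, is a failed lookup.
caa_verdict() {
  case "$1" in
    NOERROR|NXDOMAIN) echo "ok" ;;
    "")               echo "fail:no-response" ;;
    *)                echo "fail:$1" ;;
  esac
}

# Query every name server delegated for ZONE, without recursion, for the
# CAA set of NAME. Returns non-zero if any server fails the lookup.
# Usage: check_caa helpdesk.example.com example.com
check_caa() {
  name=$1
  zone=$2
  rc=0
  for ns in $(dig +short NS "$zone"); do
    status=$(dig +norecurse +time=3 +tries=1 +noall +comments \
                 "@$ns" "$name" CAA | dig_status)
    verdict=$(caa_verdict "$status")
    printf '%-40s %s\n' "$ns" "$verdict"
    [ "$verdict" = "ok" ] || rc=1
  done
  return "$rc"
}

# Constructed sample: the header line from the dig output quoted in the question.
SAMPLE_HEADER=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54809'
```

A server that returns NOERROR with an empty answer passes this check; only a failed lookup such as SERVFAIL or a timeout is reported, since that is what leaves the CA unable to tell whether a CAA record exists.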
