DNS problem: SERVFAIL looking up CAA for helpdesk.example.com
Error Output:-
Your system is not supported by certbot-auto anymore.
Certbot will no longer receive updates.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for helpdesk.example.com
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain helpdesk.example.com
http-01 challenge for helpdesk.example.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: helpdesk.example.com
Type: dns
Detail: DNS problem: SERVFAIL looking up CAA for
helpdesk.example.com - the domain's nameservers may be
malfunctioning
[root@letsencrypts-custom ~]# dig helpdesk.example.com caa
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.60.amzn1 <<>> helpdesk.example.com caa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54809
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;helpdesk.example.com. IN CAA
;; Query time: 761 msec
;; SERVER: 172.16.0.2#53(172.16.0.2)
;; WHEN: Tue Feb 9 09:43:00 2021
;; MSG SIZE rcvd: 38
But I’ve no idea why the certificate could not be generated.
Thanks for help