When trying to request a new certificate for a newly added host to my domain I keep running into SERVFAIL errors. I am doing this using the LE module for Ansible, and I’ve been using this for quite some time now, so I’m less inclined to think the issue is in the software.
- My current list of certificates (yes, there are a few doubles, those are different key types):
- The DNSSEC report of my domain:
- A list of random DNS resolvers querying my domain for it’s CAA:
- The domainname in question: auth-zm1.element-networks.nl
From what I can see is that I’m doing everything right, DNSSEC checks out, CAA is defined etc… What is the LE resolver doing differently then the rest of the world?
The only difference is that this is the first certificate I am requesting with a dash in the name.
Thanks in advance!