Solved! Thanks for all the help.


According to DNSViz (just ran it), your (sub)domain(s) still has/have DNSSEC issues.

I’m also seeing the DS record for your domain when I do a dig vpn.ciehanski.com.


I just disabled it maybe 30 minutes ago so maybe it hasn’t propagated. I use Namecheap though and it would only allow me to delete the Cloudflare DS record and not the default one, but either way it should be disabled on both my registrar and Cloudflare. Is DNSSEC my issue? Cause I saw someone else disabled it and then everything worked.


If I were you, I’d enable DNSSEC, at least, if it’s correct. Now there’s a DS record in the .com root server which is still there according to the +trace. So not disabled there. And this is causing problems.

According to @jsha’s comment in a GitHub issue about DNS failures, Let’s Encrypt does validate DNSSEC, and as DNSViz gives DNSSEC errors for your domain, that could be the problem here.


Ahhhhh I see. I’ll reenable and try to configure correctly. Thanks for your help.
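
The situation discussed in this thread, as an added example that is not part of any post: a DS record left at the parent while the zone no longer publishes a matching DNSKEY. The sketch compares a parent DS set with a child DNSKEY set using the RFC 4034 key tag and the RFC 4509 SHA-256 digest; the function names, the `example.test` zone and the key bytes are constructed for illustration.

```python
import base64, hashlib, struct

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """Wire-format DNSKEY RDATA (RFC 4034, section 2.1)."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def wire_name(name):
    """Canonical (lower-case) wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_sha256(owner, rdata):
    """DS digest type 2: SHA-256 over owner name + DNSKEY RDATA (RFC 4509)."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

def make_ds(owner, key):
    """DS tuple (key_tag, algorithm, digest_type, digest) a registrar would publish."""
    rd = dnskey_rdata(*key)
    return (key_tag(rd), key[2], 2, ds_sha256(owner, rd))

def delegation_state(owner, ds_set, dnskey_set):
    """Compare the parent's DS set with the child's DNSKEY set (signatures not checked)."""
    if not ds_set:
        return "no-ds"        # unsigned delegation: validators expect no signatures
    keys = [dnskey_rdata(*k) for k in dnskey_set]
    for tag, alg, dtype, digest in ds_set:
        for rd in keys:
            if (dtype == 2 and rd[3] == alg and key_tag(rd) == tag
                    and ds_sha256(owner, rd) == digest.lower()):
                return "ds-matches"
    return "ds-dangling"      # DS still published, no matching key: validation fails

# Constructed sample data (not real keys); example.test is a placeholder zone.
OLD_KSK = (257, 3, 13, base64.b64encode(bytes(range(64))).decode())
NEW_KSK = (257, 3, 13, base64.b64encode(bytes(range(64, 128))).decode())

if __name__ == "__main__":
    ds = make_ds("example.test", OLD_KSK)
    print(delegation_state("example.test", [ds], [OLD_KSK]))  # signing on, DS correct
    print(delegation_state("example.test", [ds], []))         # signing off, DS left behind
    print(delegation_state("example.test", [ds], [NEW_KSK]))  # re-enabled with a new key
    print(delegation_state("example.test", [], []))           # DS removed as well
```

The third case is the one to watch when re-enabling DNSSEC: a new key at the DNS provider needs a new DS at the registrar, or the old DS keeps the zone failing validation.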

