I have difficulties to renew my wildcard cert for domain gammaconsult.com.
I receive SERVFAIL for CAA checks and don’t know how to fix this.
We are using Microsoft server 2019 DNS Server with DNSSEC. I do’'n have any idea why your system did not pass CAA check but some others do like:https://gf.dev/dns-caa-lookup or https://www.nethub.com.hk/en/ssl-certificates/caa-record-checker/ do!?
My domain is: gammaconsult.com
I ran this command: https://dnsspy.io/labs/caa-validator
It produced this output:
CAA record check for gammaconsult.com
Raw CAA records
These CAA records were detected on the domain gammaconsult.com and are presented as-is.
Interpreted CAA records
Here’s what the found CAA records mean.
The following Certificate Authorities can issue wildcard certificates ( *.gammaconsult.com ).
The CAA validator is still in beta. Found an error? Let us know so we can fix it - thanks!
« Back to the CAA validator.
My web server is (include version): IIS 8.5
The operating system my web server runs on is (include version): Windows Server 2012R2
My hosting provider, if applicable, is: Network Solutions but DNS Server is ours
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): Certify SSL/TLS Certificate Manager 184.108.40.206