Error: Could not issue a Let's Encrypt SSL/TLS certificate for Authorization for the domain failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:
Invalid response from
Type: urn:acme:error:connection
Status: 400
Detail: dns :: DNS problem: SERVFAIL looking up A for

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Onyx 17.8.11

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

i have put the NS1+NS2 to
with the IP of my server of Plesk and I have created all DNS correctly.

i had this problem when I migrate to a new server, I was using DNSSEC in Plesk panel.

You gotta setup glue records for and at your registrar.

1 Like

can you please provide me of a way to do it?

Ask your domain registrar how to do it. I think your registrar is , but I’m not sure.

Hi @xpalestinex

now you have changed something, so your ip address is visible:

Host T IP-Address is auth. ∑ Queries ∑ Timeout A yes 2 0
AAAA yes C yes 1 0
A yes

But your nameserver doesn’t allow TCP-connections:

X Fatal error: Nameserver doesn’t support TCP connection: / Timeout
X Fatal error: Nameserver doesn’t support TCP connection: / Timeout

That may be the next problem creating a certificate.

1 Like

I think my host server has updated the DNS configs again and it is working now.
thanks everybody

1 Like

A nameserver uses port 53 - UDP and TCP.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.