Error: Could not verify domain DNS records are set correctly

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: n/a

It produced this output: n/a

My web server is (include version): Apache/2.4.7

The operating system my web server runs on is (include version): Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-78-generic x86_64)

My hosting provider, if applicable, is: Bytesized Hosting,

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes, custom built docker portal

Bytesized Hosting offers SSL certificates via letsencrypt. I originally added my domain on their portal and it worked, this cert expired in August, I went to renew and now I receive “Error: Could not verify domain DNS records are set correctly.”. They found “Could not verify domain” in the logs along with “Error: {“type”=>“urn:acme:error:connection”, “detail”=>“DNS problem: SERVFAIL looking up CAA for”, “status”=>400}”

Let me know if you need any more info and I will reach out to my hosting provider. Thanks.

There’s definitely at least one thing off with the DNS records for that domain name.

There’s a CNAME record for pointing at That’s not a valid configuration. (The zone apex has NS and SOA records, and having a CNAME alongside most record types is against the rules.)

If you change the CNAME to an A record everything may start to work. I’m not sure if there are other issues.

Edit: Additionally:             1799    IN      NS is delegated to a single nameserver, that refuses queries for it.

1 Like

Thanks for the reply! I removed the NS record as I use Namecheap’s servers. I changed www and @ to point at Bytesized Hosting. I already had pointed at their server.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.