Error: Could not verify domain DNS records are set correctly

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: udz.cc

I ran this command: n/a

It produced this output: n/a

My web server is (include version): Apache/2.4.7

The operating system my web server runs on is (include version): Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-78-generic x86_64)

My hosting provider, if applicable, is: Bytesized Hosting, https://bytesized-hosting.com

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes, custom built docker portal

Bytesized Hosting offers SSL certificates via letsencrypt. I originally added my domain on their portal and it worked, this cert expired in August, I went to renew and now I receive “Error: Could not verify domain DNS records are set correctly.”. They found “Could not verify domain bysh.udz.cc” in the logs along with “Error: {“type”=>“urn:acme:error:connection”, “detail”=>“DNS problem: SERVFAIL looking up CAA for udz.cc”, “status”=>400}”

Let me know if you need any more info and I will reach out to my hosting provider. Thanks.

There’s definitely at least one thing off with the DNS records for that domain name.

http://dnsviz.net/d/udz.cc/dnssec/

There’s a CNAME record for udz.cc. pointing at www.udz.cc.. That’s not a valid configuration. (The zone apex has NS and SOA records, and having a CNAME alongside most record types is against the rules.)

If you change the CNAME to an A record everything may start to work. I’m not sure if there are other issues.

Edit: Additionally:

www.udz.cc.             1799    IN      NS      ns1.x10hosting.com.

www.udz.cc. is delegated to a single nameserver, that refuses queries for it.

1 Like

Thanks for the reply! I removed the NS record as I use Namecheap’s servers. I changed www and @ to point at Bytesized Hosting. I already had bysh.udz.cc pointed at their server.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.