Error creating www certificate

Hello

In IIS, when I try to generate a certificate for plataformatreball.cat I have no problem.

But when I add the binding www.plataformatreball.cat I see the error:
Authorize identifier: www.plataformatreball.cat
Authorizing www.plataformatreball.cat using http-01 validation (SelfHosting)
{
  "type": "urn:ietf:params:acme:error:dns",
  "detail": "DNS problem: SERVFAIL looking up CAA for www.plataformatreball.cat the domain's nameservers may be malfunctioning",
  "status": 400
Authorization result: invalid

What am I doing wrong? Thx

Hi @scascalesageinfoes

Your www version isn't defined - https://check-your-website.server-daten.de/?q=agetest.ageinfo.es

| Host | Type | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| agetest.ageinfo.es | A | 46.183.117.192 Barcelona/Catalonia/Spain (ES) - CLOUDING-VM Hostname: b4e32c59-e5c2-4393-a27c-75dd5aa8fac2.clouding.host | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.agetest.ageinfo.es | | Name Error | yes | 1 | 0 |

So the CAA RR isn't defined too -> NXDomain.

Looks like the tool you use doesn't understand that.

If you want to use http validation, first step: Add an A record with the www version.

Sorry. I put the wrong URL. Now it is correct.

Your name server software is buggy, so the DNSSEC answers are wrong, NoData-Proof isn't possible. See your check, some days old - https://check-your-website.server-daten.de/?q=plataformatreball.cat

Your non-www works. Your www doesn't work:

2020-06-22.plataformatreball.cat

Same with Unboundtest - https://unboundtest.com/m/CAA/www.plataformatreball.cat/2NEUUSVX

Jun 22 10:38:14 unbound[16717:0] info: validate(nodata): sec_status_bogus

Result:

Query results for CAA www.plataformatreball.cat

Response:
;; opcode: QUERY, status: SERVFAIL, id: 65316
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.plataformatreball.cat. IN CAA

  • try to add a CAA record with the www domain name, if that works, a NoData validation isn't required,
  • disable DNSSEC (not really good)
  • your dns provider must update the software (may be impossible, send them a link to this topic),
  • change your dns provider (may be impossible).
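
Added example (not part of any post in this thread): a Python model of the CAA check a CA performs, showing why a SERVFAIL on the www name blocks issuance while a published CAA record at www does not. The DNS answers are constructed, and `caa_decision`, `make_lookup` and the CA identifier `letsencrypt.org` are assumptions of this example.

```python
# Added illustration, not code from the thread. DNS answers are constructed samples.

def caa_decision(name, lookup, ca="letsencrypt.org"):
    """Walk from name towards the root; lookup(n) returns (rcode, [(tag, value), ...])."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        rcode, records = lookup(candidate)
        if rcode not in ("NOERROR", "NXDOMAIN"):
            # A failed lookup (SERVFAIL from a bogus DNSSEC proof) is not
            # the same as "no CAA record": the check fails closed.
            return False, f"{rcode} looking up CAA for {candidate}"
        if not records:
            continue  # validated empty answer: try the parent name
        # First non-empty record set decides; parameters after ';' are ignored here.
        issuers = [v.split(";")[0].strip() for t, v in records if t == "issue"]
        if not issuers or ca in issuers:
            return True, f"CAA at {candidate} permits {ca}"
        return False, f"CAA at {candidate} does not list {ca}"
    return True, "no CAA record on any parent name"


def make_lookup(zone):
    """Resolver stub: names missing from zone answer NOERROR with no records."""
    return lambda n: zone.get(n, ("NOERROR", []))


# Constructed: the state in the thread, where the empty CAA answer for www
# cannot be validated and the resolver returns SERVFAIL.
BROKEN = make_lookup({"www.plataformatreball.cat": ("SERVFAIL", [])})
# Constructed: the first workaround in the list, a CAA record published at www,
# so no proof of an empty answer is needed.
WITH_CAA = make_lookup(
    {"www.plataformatreball.cat": ("NOERROR", [("issue", "letsencrypt.org")])}
)

if __name__ == "__main__":
    for label, lookup in (("broken", BROKEN), ("with CAA", WITH_CAA)):
        for host in ("plataformatreball.cat", "www.plataformatreball.cat"):
            print(label, host, caa_decision(host, lookup))
```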
