In IIS, when I try to generate a certificate to I have no problem

But when I add the binding I see the error:
Authorize identifier: Authorizing www. using http-01 validation (SelfHosting) { “type”: “urn:ietf:params:acme:error:dns”, “detail”: “DNS problem: SERVFAIL looking up CAA for www. the domain’s nameservers may be malfunctioning”, “status”: 400
Authorization result: invalid

What am I doing wrong? Thx

Hi @scascalesageinfoes

your www version isn’t defined -

Host Type IP-Address is auth. ∑ Queries ∑ Timeout A Barcelona/Catalonia/Spain (ES) - CLOUDING-VM Hostname: yes 1 0
AAAA yes Name Error yes 1 0

So the CAA RR isn’t defined either -> NXDomain.

Looks like the tool you use doesn’t understand that.

If you want to use http validation, first step: Add an A record with the www version.

Sorry. I put in the wrong URL. Now it is correct.

Your name server software is buggy, so the DNSSEC answers are wrong, NoData-Proof isn’t possible. See your check, some days old -

Your non-www works. Your www doesn’t work:

Same with Unboundtest -

Jun 22 10:38:14 unbound[16717:0] info: validate(nodata): sec_status_bogus


Query results for CAA

;; opcode: QUERY, status: SERVFAIL, id: 65316
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0


  • try to add a CAA record with the www domain name; if that works, a NoData validation isn’t required,
  • disable DNSSEC (not really good),
  • your DNS provider must update the software (may be impossible, send them a link to this topic),
  • change your DNS provider (may be impossible).
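
An added example, not part of the thread: a small Python helper that separates the failure discussed above (a CAA lookup that ends in SERVFAIL because DNSSEC validation of the NoData answer is bogus) from a name server that does not answer at all. It assumes you have the dig-style header of the validated query and of the same query repeated with checking disabled (the CD bit, `dig +cd`); the first sample is the header quoted in the thread, the second is constructed, and the function names are hypothetical.

```python
import re

STATUS_RE = re.compile(r"status:\s*([A-Z]+)")
FLAGS_RE = re.compile(r"flags:\s*([a-z ]*);")
ANSWER_RE = re.compile(r"ANSWER:\s*(\d+)")

# Header of the validated CAA query, as quoted in the thread.
VALIDATED = """;; opcode: QUERY, status: SERVFAIL, id: 65316
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0"""

# Constructed sample: the same query repeated with the CD bit set.
CHECKING_DISABLED = """;; opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0"""


def parse_header(text):
    """Extract status, flag set and answer count from dig-style header lines."""
    status, flags, answer = (r.search(text) for r in (STATUS_RE, FLAGS_RE, ANSWER_RE))
    if not (status and flags and answer):
        raise ValueError("not a dig-style response header")
    return {"status": status.group(1),
            "flags": set(flags.group(1).split()),
            "answers": int(answer.group(1))}


def classify_caa(validated, checking_disabled=None):
    """Classify a CAA lookup the way it matters for certificate issuance."""
    v = parse_header(validated)
    if v["status"] == "NOERROR":
        # Non-empty answer section, or a validated "no CAA here" (NoData).
        return "answered" if v["answers"] else "nodata"
    if v["status"] == "NXDOMAIN":
        return "nxdomain"
    if v["status"] != "SERVFAIL":
        return "other-error"
    if checking_disabled is None:
        return "servfail-unknown"
    c = parse_header(checking_disabled)
    # The resolver answers once validation is skipped: the data exists,
    # but its DNSSEC proof does not validate.
    if "cd" in c["flags"] and c["status"] in ("NOERROR", "NXDOMAIN"):
        return "dnssec-bogus"
    return "nameserver-failure"


if __name__ == "__main__":
    print(classify_caa(VALIDATED, CHECKING_DISABLED))
```

A result of `dnssec-bogus` points at the signing side of the zone (the DNS provider's software), which is where the options listed above apply.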
