Hello
In IIS when i try to generate certificate to plataformatreball.cat I have no problem
But when add binding www.plataformatreball.cat i see the error:
Authorize identifier: www.plataformatreball.cat Authorizing www. plataformatreball.cat using http-01 validation (SelfHosting) { “type”: “urn:ietf:params:acme:error:dns”, “detail”: “DNS problem: SERVFAIL looking up CAA for www. plataformatreball.cat the domain’s nameservers may be malfunctioning”, “status”: 400
Authorization result: invalid
What am I doing wrong? Thx
Hi @scascalesageinfoes
scascalesageinfoes:
www. agetest.ageinfo.es
your www version isn't defined - https://check-your-website.server-daten.de/?q=agetest.ageinfo.es
Host
Type
IP-Address
is auth.
∑ Queries
∑ Timeout
agetest.ageinfo.es
A
46.183.117.192 Barcelona/Catalonia/Spain (ES) - CLOUDING-VM Hostname: b4e32c59-e5c2-4393-a27c-75dd5aa8fac2.clouding.host
yes
1
0
AAAA
yes
www.agetest.ageinfo.es
Name Error
yes
1
0
So the CAA RR isn't defined too -> NXDomain.
Looks like the tool you use doesn't understand that.
If you want to use http validation, first step: Add an A record with the www version.
Sorry. I have put wrong the url. Now is correct
scascalesageinfoes:
Authorize identifier: www.plataformatreball.cat Authorizing www. plataformatreball.cat using http-01 validation (SelfHosting) { “type”: “urn:ietf:params:acme:error:dns”, “detail”: “DNS problem: SERVFAIL looking up CAA for www. plataformatreball.cat the domain’s nameservers may be malfunctioning”, “status”: 400
Authorization result: invalid
Your name server software is buggy, so the DNSSEC answers are wrong, NoData-Proof isn't possible. See your check, some days old - https://check-your-website.server-daten.de/?q=plataformatreball.cat
Your non-www works. Your www doesn't work:
Same with Unboundtest - https://unboundtest.com/m/CAA/www.plataformatreball.cat/2NEUUSVX
Jun 22 10:38:14 unbound[16717:0] info: validate(nodata): sec_status_bogus
Result:
Query results for CAA www.plataformatreball.cat
Response:
;; opcode: QUERY, status: SERVFAIL, id: 65316
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.plataformatreball.cat. IN CAA
try to add a CAA record with the www domain name, if that works, a NoData validation isn't required,
disable DNSSEC (not really good)
your dns provider must update the software (may be impossible, send them a link to this topic),
change your dns provider (may be impossible).
system
Closed
July 22, 2020, 11:18am
5
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.