Error on renewing or generating HTTPS

Hi,

I have cPanel servers. In the last few weeks I have had errors on specific domains.
Errors:

Domain 1:

dns/www.picoliadvogados.com: 403 urn:ietf:params:acme:error:caa (CAA records forbid the CA from issuing) (Error finalizing order :: While processing CAA for www.picoliadvogados.com: DNS problem: SERVFAIL looking up CAA for www.picoliadvogados.com - the domain's nameservers may be malfunctioning)

Domain 2:
“Let’s Encrypt™” DNS DCV error (*.angelicadofuba.com.br): 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: SERVFAIL looking up TXT for _acme-challenge.angelicadofuba.com.br - the domain's nameservers may be malfunctioning)

Refer to sub-problems for more information) (dns/cpanel.picoliadvogados.com: 403 urn:ietf:params:acme:error:caa (CAA records forbid the CA from issuing) (Error finalizing order :: While processing CAA for cpanel.picoliadvogados.com: DNS problem: SERVFAIL looking up CAA for cpanel.picoliadvogados.com - the domain's nameservers may be malfunctioning)

After several days and several attempts, I reached the rate limit on attempts, and the error is always the same.

For Domain 2, I need Cloudflare DNS to generate HTTPS, and after this the cPanel server successfully generates the Let's Encrypt SSL - only Cloudflare Proxy

I have had other domains for years on the same cPanel servers and I don't have problems with renewals.

Hi @ricardomecca, and welcome to the LE community forum :)

It seems like those are DNS problems.
Is there a common DNS system they use?
Is that DNS system different from the ones used by the other domains [those that renewed correctly]?

2 Likes

Hey,

I use PowerDNS in cPanel Server.
The DNS for all domains on my servers is the same. Only NS1 and NS2 change (custom reseller ns1 and ns2) - but the IPs and resolvers are the same for all on the server!

I worked this way for years and never had a problem.

The first domain has only one IP for authoritative DNS:

picoliadvogados.com     nameserver = ns1.desagencia.com.br
picoliadvogados.com     nameserver = ns2.desagencia.com.br

ns1.desagencia.com.br   internet address = 200.11.121.139
ns2.desagencia.com.br   internet address = 200.11.121.139

That is not a good setup.

The second domain uses Cloudflare for DNS:

angelicadofuba.com.br   nameserver = heidi.ns.cloudflare.com
angelicadofuba.com.br   nameserver = patryk.ns.cloudflare.com

You may need to review the credentials being used to update that zone.

4 Likes
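
The single-address delegation pointed out in the reply above can be checked mechanically. This is an added example, not part of the original posts: it parses nslookup-style lines like those quoted and reports when every NS name of a zone resolves to the same address. The function names and the second (healthy) sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the reply above (nslookup-style output).
SAMPLE = """\
picoliadvogados.com     nameserver = ns1.desagencia.com.br
picoliadvogados.com     nameserver = ns2.desagencia.com.br
ns1.desagencia.com.br   internet address = 200.11.121.139
ns2.desagencia.com.br   internet address = 200.11.121.139
"""

# Constructed sample (documentation names and addresses) for comparison.
HEALTHY = """\
example.com     nameserver = ns1.example.net
example.com     nameserver = ns2.example.org
ns1.example.net   internet address = 192.0.2.53
ns2.example.org   internet address = 198.51.100.53
"""

NS_RE = re.compile(r"^(\S+)\s+nameserver = (\S+)$")
A_RE = re.compile(r"^(\S+)\s+internet address = (\S+)$")


def _norm(name):
    return name.rstrip(".").lower()


def parse_nslookup(text):
    """Return (zone -> set of NS names, NS name -> set of addresses)."""
    delegations, addresses = defaultdict(set), defaultdict(set)
    for line in (raw.strip() for raw in text.splitlines()):
        if m := NS_RE.match(line):
            delegations[_norm(m.group(1))].add(_norm(m.group(2)))
        elif m := A_RE.match(line):
            addresses[_norm(m.group(1))].add(m.group(2))
    return delegations, addresses


def audit_zone(zone, delegations, addresses):
    """List redundancy problems for one zone's authoritative servers."""
    names = delegations.get(_norm(zone), set())
    findings = []
    if len(names) < 2:
        findings.append(f"{zone}: fewer than two NS names")
    unresolved = sorted(n for n in names if not addresses.get(n))
    if unresolved:
        findings.append(f"{zone}: no address seen for {', '.join(unresolved)}")
    ips = set().union(*(addresses.get(n, set()) for n in names))
    if len(names) > 1 and len(ips) == 1:
        findings.append(f"{zone}: all {len(names)} NS names share one address {next(iter(ips))}")
    return findings


if __name__ == "__main__":
    for zone, text in (("picoliadvogados.com", SAMPLE), ("example.com", HEALTHY)):
        print(zone, audit_zone(zone, *parse_nslookup(text)) or "ok")
```
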
A records for picoliadvogados.com: ['200.11.121.139']
AAAA records for picoliadvogados.com: No record found
MX records for picoliadvogados.com: ['0 picoliadvogados.com.']
NS records for picoliadvogados.com: ['ns2.desagencia.com.br.', 'ns1.desagencia.com.br.']
CNAME records for picoliadvogados.com: No record found
TXT records for picoliadvogados.com: ['"v=spf1 +a +mx +ip4:200.11.121.139 include:_spf.erehost.com.br ~all"']
SOA records for picoliadvogados.com: ['ns1.desagencia.com.br. nathanazys.gmail.com. 2024081927 3600 1800 1209600 86400']

What I am getting is totally different.

1 Like
