Error when activating Let's encrypt certificate

Help
1

Hi

My domain is:
https://fufu-nancy.fr

I ran this command:
Generate a certificate from my cpanel

It produced this output:
Updating challenge for fufu-nancy.fr: acme: error code 400 "urn:ietf:params:acme:error:dns": DNS problem: looking up A for fufu-nancy.fr: DNSSEC: DNSKEY Missing: validation failure <fufu-nancy.fr. A IN>: No DNSKEY record [misc failure] from xx.x.xx.xx for key fufu-nancy.fr. while building chain of trust; DNS problem: looking up AAAA for fufu-nancy.fr: DNSSEC: DNSKEY Missing: validation failure <fufu-nancy.fr. AAAA IN>: No DNSKEY record [misc failure] from xx.x.xx.xx for key fufu-nancy.fr. while building chain of trust (order URL: https://acme-v02.api.letsencrypt.org/acme/order/1293978146/441007404421)

I don't know how to reply to the other questions asked by the forum template since I'm not that much tech savvy but maybe my issue is due to the name servers that are not fully propagated?
Thanks for any help

2

Have you recently changed DNS provider or disabled DNSSEC as there is a DS record for your domain (DNSKEY digest) however there are no DNSKEY records or RRSIG (resource record signature) records?

Edit: DNSVis might be useful to see the problem fufu-nancy.fr | DNSViz

5 Likes
3

Hi @vincentpaul,

You have DNS issues.

The online tool Let's Debug yields these results https://letsdebug.net/fufu-nancy.fr/2597990

image
image1276×1029 56.1 KB

4 Likes
4

Thank you very much guys.
Yes I have just changed the name servers so they can match the ones where my web hosting is. Usually the modification takes place immediately but this time it seems to take a bit more time. Maybe that's the source of my issue, I'm going to wait a bit. I've just checked in my domain name registrar it says "DnsSec request is still in progress"

4 Likes
5

Hi @vincentpaul,

It looks like you successfully got a certificate! :slight_smile:

Sidenote there is still an issue with the DNS Servers not responding to TCP requests shown

3 Likes