Error when trying to create ssl cert

jackhendo · May 9, 2022, 9:30pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cat.hollingermetaledge.com

I ran this command: sudo certbot --nginx

It produced this output: https://pastebin.com/raw/B31HrQMN

My web server is (include version): nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: BUYVM

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.27.0

_az · May 9, 2022, 10:13pm

Detail: DNS problem: SERVFAIL looking up CAA for cat.hollingermetaledge.com - the domain's nameservers may be malfunctioning

Unfortunately problems with Network Solutions' DNS hosting come up quite often on this forum. I don't think there has been a straightforward solution other than contacting their support and trying again.

With the specific issue you're having, you could try one of two things to avoid the bogus response coming from NetSol's servers:

Add a CAA record for cat.hollingermetaledge.com, or
Disable DNSSEC on your domain entirely

jackhendo · May 9, 2022, 10:49pm

You're a legend. Disabling DNSSEC then running the lets encrypt commands works perfectly. Then you can re-enable DNSSEC. Thank you so much

rg305 · May 9, 2022, 10:57pm

I wonder how that will go during the renewal [in 60 days].

Be prepared to turn that off and on again.
OR
To add some authoritative DNS servers that can handle the lack of CAA record query properly.
OR
Switch DNS Service Provider [DSP] to one that can...

system · June 8, 2022, 10:58pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I cant create ssl certificates Help	17	575	June 17, 2024
Isuess with create certbots Help	4	350	May 22, 2023
Error creating Certs Help	26	2539	July 10, 2021
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet Help	7	2626	October 21, 2022
Certbot failed to authenticate some domains Help	4	532	May 5, 2022

Error when trying to create ssl cert

Related topics