Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: cf.az.sherifflamb.com
I ran this command:
DNSLookupFailed
FATAL
A fatal issue occurred during the DNS lookup process for cf.az.sherifflamb.com/CAA.
DNS response for cf.az.sherifflamb.com had fatal DNSSEC issues: validation failure <cf.az.sherifflamb.com. CAA IN>: no DNSSEC records from 2600:2000:2100::c9 for DS az.sherifflamb.com. while building chain of trust
FATAL
An error occurred while attempting to lookup the TXT record on _acme-challenge.cf.az.sherifflamb.com . Any resolver errors that the Let's Encrypt CA encounters on this record will cause certificate issuance to fail.
DNS response for _acme-challenge.cf.az.sherifflamb.com had fatal DNSSEC issues: validation failure <_acme-challenge.cf.az.sherifflamb.com. TXT IN>: no DNSSEC records from 2600:2000:2100::c9 for DS az.sherifflamb.com. while building chain of trust. Additionally, Cloudflare's 1.1.1.1 resolver reported: 92.123.94.10:53 rcode=REFUSED for validate-akdv.net DNSKEY
I do see the above error and not able to understand what needs to be fixed to get the certificate issued.
Appreciate your help here.
Regards,
Sandeep
