Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:support.janacorp.com
I ran this command:Beyond Trust web - Request New Certificate
It produced this output: DNS problem: looking up CAA for support.janacorp.com DNSSEC:Bogus
My web server is (include version): Beyond Trust Appliance
The operating system my web server runs on is (include version): Red Hat Enterprise Linux 7
I can login to a root shell on my machine (yes or no, or I don't know):no
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I have contacts Firewall, Application and DNS Hosting all settings are correct, i just spoke with Network Solutions and stated i need to reach out to Let's Encrypt to resolve the DNS error.
quote
Here you will have to contact lets encrypt and get these records to be added here and we will update them for you here
your nameserver fails when a subdomain exist but doesn't have that type of record it should reply noerror but this server instead replies nxdomain: try adding explict CAA record on that subdomain to walk around this bug.
You will have to figure out what's wrong with your DNS server to be able to use Let's Encrypt. As orangepizza posted while I wrote this, adding an explicit CAA record might fix it, if the problem is only with non-existant records.
It's been a recurring theme here that Network Solutions doesn't seem to know how to actually run a DNS server. Here's a thread from last year complaining about it, though if you search the forums you can find others.
Your options seem to be to change to a different DNS provider (one can use a different DNS provider than your web hosting provider, if you're otherwise happy with Network Solutions), to disable DNSSEC (since Network Solutions doesn't seem to know how to implement it), or to keep bashing your head against their tech support and hope that they eventually get a clue.