Has Let's Encrypt blocked my server IP?

profimanj · December 5, 2023, 8:36am

One of our new users is facing an error getting a security certificate and has the following error:

#### Log for the AutoSSL run for “yadakkar”: Tuesday, December 5, 2023 11:05:14 AM GMT+03-30 (Let’s Encrypt™)
11:05:14 AM AutoSSL’s configured provider is “Let’s Encrypt™”.
11:05:15 AM Analyzing “yadakkar”’s domains …
11:05:15 AM Analyzing “yadakkaran.com” (website) …
11:05:15 AM User-excluded domains: 6 (mail.yadakkaran.com, webmail.yadakkaran.com, cpanel.yadakkaran.com, webdisk.yadakkaran.com, cpcontacts.yadakkaran.com, cpcalendars.yadakkaran.com)
ERROR TLS Status: Defective
ERROR Defect: NO_SSL: No SSL certificate is installed.
11:05:15 AM Attempting to ensure the existence of necessary CAA records …
11:05:15 AM No CAA records were created.
11:05:15 AM Verifying 2 domains’ management status …
Verifying “Let’s Encrypt™”’s authorization on 2 domains via DNS CAA records …
11:05:25 AM WARN DNS query error (yadakkaran.com/NS): SERVFAIL (2)
WARN DNS query error (yadakkaran.com/NS): SERVFAIL (2)
11:05:25 AM ERROR “yadakkaran.com” is unmanaged. Verify this domain’s registration and authoritative nameserver configuration to correct this problem.
11:05:27 AM WARN DNS query error (www.yadakkaran.com/NS): SERVFAIL (2)
11:05:27 AM ERROR “www.yadakkaran.com” is unmanaged. Verify registration and authoritative nameserver configuration for this domain or “yadakkaran.com” to correct this problem.

Even though all the ns are set correctly, the error still exists Please guide

orangepizza · December 5, 2023, 9:36am

unboundtest successd to lookup that sites dns records./let's debug neither
may try again?
(P.S moved to help category)

petercooperjr · December 5, 2023, 11:41am

I'm not sure if it's the cause of your problem, but the glue record for ns36.kimiahost.com doesn't match its authoritative address.

https://dnsviz.net/d/www.yadakkaran.com/dnssec/

com to yadakkaran.com: The glue address(es) for ns36.kimiahost.com (81.12.39.159) differed from its authoritative address(es) (81.12.39.202).

profimanj · December 5, 2023, 3:43pm

how to fix it

rg305 · December 5, 2023, 3:48pm

~~Glue records are maintained at your domain registrar.~~
~~Login to their control page and update that record.~~

edit: Kimia Host needs to correct this problem.

petercooperjr · December 5, 2023, 3:56pm

It might be that it's a problem that the owner of kimiahost.com needs to fix with their registrar, not actually a problem relating to the registrar of the domain name you're trying to get a certificate for.

Is the problem recurring? Does it work when trying in the staging environment? (I don't know if your client makes it easy to test the staging environment.)

profimanj · December 6, 2023, 6:26am

Checked in the registrar and there was a glue record
This error has been occurring for a few days and ssl was created with the same conditions until a few days ago

rg305 · December 6, 2023, 6:55am

Neither the chance of success, nor failure, is 100%.
[only one of the nameservers is having the problem]
Meaning: If you retry it enough times it will eventually succeed.

The only way to remove this chance of failure is to correct the problem [for all nameservers].

system · January 5, 2024, 6:56am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Second validation was failing due to my firewall Help	20	315	May 17, 2024
Error re-installing ssl certificate on domain Server	7	1642	September 18, 2016
An error occurred the last time AutoSSL ran, on May 17, 2019: Help	8	8748	June 21, 2019
My Website Not Working After Installing Let’s Encrypt SSL Certificate Help	6	1382	November 14, 2020
ERROR “Let’s Encrypt™” general error (karpinskieng.com): A rate limit prevents DCV Help	6	759	December 15, 2022

Has Let's Encrypt blocked my server IP?

Related topics