Has Let's Encrypt blocked my server IP?

One of our new users is facing an error getting a security certificate and has the following error:

#### Log for the AutoSSL run for “yadakkar”: Tuesday, December 5, 2023 11:05:14 AM GMT+03-30 (Let’s Encrypt™)
11:05:14 AM AutoSSL’s configured provider is “Let’s Encrypt™”.
11:05:15 AM Analyzing “yadakkar”’s domains …
11:05:15 AM Analyzing “yadakkaran.com” (website) …
11:05:15 AM User-excluded domains: 6 (mail.yadakkaran.com, webmail.yadakkaran.com, cpanel.yadakkaran.com, webdisk.yadakkaran.com, cpcontacts.yadakkaran.com, cpcalendars.yadakkaran.com)
ERROR TLS Status: Defective
ERROR Defect: NO_SSL: No SSL certificate is installed.
11:05:15 AM Attempting to ensure the existence of necessary CAA records …
11:05:15 AM No CAA records were created.
11:05:15 AM Verifying 2 domains’ management status …
Verifying “Let’s Encrypt™”’s authorization on 2 domains via DNS CAA records …
11:05:25 AM WARN DNS query error (yadakkaran.com/NS): SERVFAIL (2)
WARN DNS query error (yadakkaran.com/NS): SERVFAIL (2)
11:05:25 AM ERROR “yadakkaran.com” is unmanaged. Verify this domain’s registration and authoritative nameserver configuration to correct this problem.
11:05:27 AM WARN DNS query error (www.yadakkaran.com/NS): SERVFAIL (2)
11:05:27 AM ERROR “www.yadakkaran.com” is unmanaged. Verify registration and authoritative nameserver configuration for this domain or “yadakkaran.com” to correct this problem.

Even though all the ns are set correctly, the error still exists Please guide

unboundtest successd to lookup that sites dns records./let's debug neither
may try again?
(P.S moved to help category)


I'm not sure if it's the cause of your problem, but the glue record for ns36.kimiahost.com doesn't match its authoritative address.


com to yadakkaran.com: The glue address(es) for ns36.kimiahost.com ( differed from its authoritative address(es) (


how to fix it

Glue records are maintained at your domain registrar.
Login to their control page and update that record.

edit: Kimia Host needs to correct this problem.


It might be that it's a problem that the owner of kimiahost.com needs to fix with their registrar, not actually a problem relating to the registrar of the domain name you're trying to get a certificate for.

Is the problem recurring? Does it work when trying in the staging environment? (I don't know if your client makes it easy to test the staging environment.)


Checked in the registrar and there was a glue record
This error has been occurring for a few days and ssl was created with the same conditions until a few days ago

Neither the chance of success, nor failure, is 100%.
[only one of the nameservers is having the problem]
Meaning: If you retry it enough times it will eventually succeed.

The only way to remove this chance of failure is to correct the problem [for all nameservers].


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.