I can't reg ssl for domain biahoithudo.com

vodjsc · December 24, 2022, 9:45am

Dear sir,
I have tried many times registering ssl letsencrypt.org for the domain biahoithudo.com
But can't register
Could you please check if letsencrypt.org blocks the domain biahoithudo.com?
I'm looking forward your reply

_az · December 24, 2022, 10:02am

It's not blocked.

Your domain's DNSSEC settings however, are broken, which would prevent the issuance process from succeeding:

Maybe try disabling DNSSEC on your domain, or go through the DNSSEC setup process again.

Osiris · December 24, 2022, 1:49pm

See also biahoithudo.com | DNSViz for a more visual view of the DNSSEC issue.

vodjsc · December 24, 2022, 3:53pm

Thank you for your reply
Can you guide me how to install DNSSEC or buy DNSSEC?

vodjsc · December 24, 2022, 3:54pm

Thank you for your reply
Can you guide me how to install DNSSEC or buy DNSSEC?

danb35 · December 24, 2022, 4:08pm

This is something you'll need to ask your DNS host, as it's different for every host.

Osiris · December 24, 2022, 4:12pm

It should all be available in the configuration panel of your DNS provider. If not, indeed, the next thing to do is ask your DNS provider.

barf7709 · December 24, 2022, 5:54pm

@vodjsc since FAQ - Let's Encrypt Let’s Encrypt offers Domain Validation (DV) certificates.
General steps to utlize Let's Encrypt service:

Understand Domain Names and Domain Name Services
Get a Domain Name and have control over it
Add DNS RR Records as needed
Make sure the Domain Name's DNS is working correctly
Enable DNSSEC
Recheck the Domain Name's DNS is working correctly
Get your server connected and enable only the services you wish to provide
Test using an Internet viewable location, like you cellphone with Wi-Fi turned OFF
Now decide what type of Domain Validated Certificate you want; Wildcard, muliti domain, single domain
Choose the Domain Validation Challenge based off of your previous choice. There are only 3 to choose from: HTTP-01, DNS-01, TLS-ALPN-01. Challenge Types - Let's Encrypt
Open Ports based on the nessary for the challenge type and services you wish to offer
Choose an ACME Client and install it ACME Client Implementations - Let's Encrypt
Test using Staging Environment - Let's Encrypt
Utilize https://letsdebug.net/ to assist testing.
Search this forum for the many additional debugging and testing tools; and most importantly the wealth of valuable knowledge, solutions, and experience & expertise

schoen · December 24, 2022, 11:31pm

Alternatively, I might try to simplify this to:

(1) Get a domain name and have control over it
(2) Choose a hosting provider/hosting environment that supports Let's Encrypt well
(3) Set up your web site using that provider or environment, and get a Let's Encrypt certificate automatically

Most difficulties that people run into seem to involve

using hosting providers or environments that are uncooperative with Let's Encrypt (that lack a Let's Encrypt integration and also don't give the user administrative access)
or where people are trying to use Let's Encrypt certificates on personally-hosted devices (like on a home Internet connection) while being unfamiliar with system administration and networking setup, or where their residential ISP doesn't allow this.

barf7709 · December 24, 2022, 11:45pm

Yes, you are correct @schoen; I was in the context of the above quote.

_az · December 25, 2022, 12:26am

Without complicating things, you can try disable DNSSEC, wait a short while, and try issue the certificate again.

If you own the domain and registered it domain with name.com (which it appears to be the case), you can follow the following instructions to disable DNSSEC:

Managing DNSSEC | Name.com.

vodjsc · December 25, 2022, 3:01am

My domain name is currently DNS at cloudflare.com
So can I install DNSSEC?

vodjsc · December 25, 2022, 3:08am

The domain name I registered at name.com
But Name does not support DNSSEC so I changed the domain DNS to Cloudflare
My domain name is currently DNS at Cloudflare.com
So how do I configure DNSSEC?
Please help

vodjsc · December 25, 2022, 3:09am

The domain name I registered at name.com
But Name does not support DNSSEC so I changed the domain DNS to Cloudflare
My domain name is currently DNS at Cloudflare.com
So how do I configure DNSSEC?
Please help

MikeMcQ · December 25, 2022, 3:16am

I don't see Cloudflare DNS involved. What did you do to change it?

Because dnsviz, unboundtest, and Let's Debug still report the same errors as before
https://dnsviz.net/d/biahoithudo.com/dnssec/
https://unboundtest.com/m/A/biahoithudo.com/DL2CHEVS

vodjsc · December 25, 2022, 3:18am

The domain name I registered at name.com
But Name does not support DNSSEC so I changed the domain DNS to Cloudflare
My domain name is currently DNS at Cloudflare.com
So how do I configure DNSSEC?
Please help

vodjsc · December 25, 2022, 3:20am

Maybe it's dns update slow
I just changed my DNS to cloudflare
Please help me check again

barf7709 · December 25, 2022, 3:34am

Check these:

https://developers.cloudflare.com/dns/additional-options/dnssec

https://www.mondoze.com/guide/kb/understanding-and-configuring-dnssec-in-cloudflare-dns

https://www.cloudflare.com/dns/dnssec/how-dnssec-works/

https://developers.cloudflare.com/registrar/account-options/enable-dnssec

Feel free to add additional related links to the list.

_az · December 25, 2022, 4:30am

The first step is to disable DNSSEC at Name.com. You need to do this because your current DNSSEC configuration is invalid.

Then, if you want to enable DNSSEC again, you can start from the beginning by following the instructions at Cloudflare.

vodjsc · December 25, 2022, 6:09am

Awesome, I did it
https://dnsviz.net/d/biahoithudo.com/dnssec/
I have installed letsencrypt SSL
Thank you very much
Wishing the best for you.