Issuing SSL Certificates: Error 400

Dear reader,

My domain is: and

We have been trying to install a basic, free certificate since the beginning of last week.
Every time it shows error 400 and tells that there are mistakes in ou DNS Records. It tells that there are AAAA records, which there arent. I read on another forum, that it could also be due to CAA records, which we dont use.

The error looks like this:

I took a copy of our DNS administrator, which shows that no AAAA records or wrong A records are used. We are pointing it towards the correct IP, which we have checked.

Our records:

* A 3600 0 A 3600 0 A 3600 0 CNAME 3600 0 CNAME 3600 0 CNAME 3600 0 CNAME 3600 0 MX 3600 20 MX 3600 10 TXT 3600 0 v=spf1 ?all NS 3600 0 NS 3600 0

I've tried to follow all the steps I could find on these forums and Google without succes.
Does anyone know the answer? :slight_smile:

Best regards.

The error message is for domain name

But, your DNS is for (note the crafts)



There are also DNS issues. Using Let's Debug yields these results; 4 Fatal.


Ah yes, we haven't seen any recent threads with the good 'old "typo" as an explanation for the error at hand!


Thank you all for the feedback. It is really appreciated. What a community :).

The domainname mistake fixed the issues for the first domain, obviously.
However, I failed to identify the errors in our DNS settings for

Is there any chance, anyone knows what records I'm wrongly applying?
I've double checked with our IP and the remaining settings.

Thanks for reading in advance.

Hostname Type TTL Priority Value
* A 3600 0 A 3600 0 A 3600 0 NS 3600 0 NS 3600 0
1 Like

Whereas, "your DNS servers" show themselves as authoritative:

nslookup -q=ns nameserver = nameserver =

Global DNS shows otherwise:

nslookup -q=ns nameserver =

And the world only uses the Global DNS system.

You must update the authoritative DNS servers at your domain registrar.
[or perhaps the domain has expired and must be renewed]


I don't understand what is going on...
Two different WHOIS domains show the servers you listed as being authoritative:

While the .dk authoritative servers don't.
All of them return "":

dk nameserver =
dk nameserver =
dk nameserver =
dk nameserver =
dk nameserver =
dk nameserver =
dk nameserver =

Thanks a ton! I think you have pointed me in the right direction.
I will be contacting the authorities to search for a solution.

Its greatly appreciated and have a great day, rg305 :slight_smile:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.