Issuing SSL Certificates: Error 400

Help
1

Dear reader,

My domain is: alfa-crafts.dk and alfa-iso.dk

We have been trying to install a basic, free certificate since the beginning of last week.
Every time it shows error 400 and tells that there are mistakes in ou DNS Records. It tells that there are AAAA records, which there arent. I read on another forum, that it could also be due to CAA records, which we dont use.

The error looks like this:

Skærmbillede 2023-03-14 kl. 15.56.49
Skærmbillede 2023-03-14 kl. 15.56.49826×1038 85.8 KB

I took a copy of our DNS administrator, which shows that no AAAA records or wrong A records are used. We are pointing it towards the correct IP, which we have checked.

Our records:

*.alfa-crafts.dk A 3600 0 185.21.40.38
alfa-crafts.dk A 3600 0 185.21.40.38
www.alfa-crafts.dk A 3600 0 185.21.40.38
autoconfig.alfa-crafts.dk CNAME 3600 0 autoconfig-mf.onlinemail.io
autodiscover.alfa-crafts.dk CNAME 3600 0 autodiscover-mf.onlinemail.io
onlinemail._domainkey.alfa-crafts.dk CNAME 3600 0 dkim.mf.onlinemail.io
webmail.alfa-crafts.dk CNAME 3600 0 onlinemail.io
alfa-crafts.dk MX 3600 20 mx2.onlinemail.io
alfa-crafts.dk MX 3600 10 mx1.onlinemail.io
alfa-crafts.dk TXT 3600 0 v=spf1 include:spf.onlinemail.io include:web.shared.mysmtp.com ?all
alfa-crafts.dk NS 3600 0 ns1.curanet.dk
alfa-crafts.dk NS 3600 0 ns2.curanet.dk

I've tried to follow all the steps I could find on these forums and Google without succes.
Does anyone know the answer? :slight_smile:

Best regards.

2

The error message is for domain name alfa-craft.dk

But, your DNS is for alfa-crafts.dk (note the crafts)

7 Likes
3

Regarding

There are also DNS issues. Using Let's Debug yields these results https://letsdebug.net/alfa-iso.dk/1407430; 4 Fatal.

3 Likes
4

Ah yes, we haven't seen any recent threads with the good 'old "typo" as an explanation for the error at hand!

4 Likes
5

Thank you all for the feedback. It is really appreciated. What a community :).

The domainname mistake fixed the issues for the first domain, obviously.
However, I failed to identify the errors in our DNS settings for alfa-iso.dk.

Is there any chance, anyone knows what records I'm wrongly applying?
I've double checked with our IP and the remaining settings.

Thanks for reading in advance.

Skærmbillede 2023-03-15 kl. 09.45.30
Skærmbillede 2023-03-15 kl. 09.45.302036×1200 260 KB

Hostname Type TTL Priority Value
*.alfa-iso.dk A 3600 0 185.21.40.38
alfa-iso.dk A 3600 0 185.21.40.38
www.alfa-iso.dk A 3600 0 185.21.40.38
alfa-iso.dk NS 3600 0 ns1.curanet.dk
alfa-iso.dk NS 3600 0 ns2.curanet.dk
1 Like
7

Whereas, "your DNS servers" show themselves as authoritative:

nslookup -q=ns alfa-iso.dk ns1.curanet.dk
alfa-iso.dk nameserver = ns2.curanet.dk
alfa-iso.dk nameserver = ns1.curanet.dk

Global DNS shows otherwise:

nslookup -q=ns alfa-iso.dk a.nic.dk
alfa-iso.dk nameserver = nonexistent.dk-hostmaster.dk

And the world only uses the Global DNS system.

You must update the authoritative DNS servers at your domain registrar.
[or perhaps the domain has expired and must be renewed]

3 Likes
8

I don't understand what is going on...
Two different WHOIS domains show the servers you listed as being authoritative:

While the .dk authoritative servers don't.
All of them return "nonexistent.dk-hostmaster.dk":

dk nameserver = a.nic.dk
dk nameserver = b.nic.dk
dk nameserver = c.nic.dk
dk nameserver = d.nic.dk
dk nameserver = l.nic.dk
dk nameserver = p.nic.dk
dk nameserver = s.nic.dk
3 Likes
9

Thanks a ton! I think you have pointed me in the right direction.
I will be contacting the authorities to search for a solution.

Its greatly appreciated and have a great day, rg305 :slight_smile:

3 Likes
10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.