Lets encrypt DNS Error

Lets encrypt certificate cant by generate on wedos hosting for domain thermacut.de on different hosting server.
My domain is: thermacut.de

Generating failed and show "DNS error"
We try create CAA records letsencrypt.org, but same error.

Hi @m.holan

please share your exact configuration:

--

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

--

"check-your-website" shows some errors.

That's

X Nameserver Timeout checking Echo Capitalization: ns.vision-net.dk / 79.142.33.34
X Nameserver Timeout checking EDNS512: ns.vision-net.dk / 79.142.33.34

fatal.

The DNSSEC errors may be critical - or may not.

But that's one reason your error message is required.

PS: Rechecked with a local unbound instance. Yep, your www.thermacut.de CAA query is bogus, that breaks creating a Letsencrypt certificate. Same with your not existing www / AAAA record.

PPS: You can skip the www / CAA problem, if you create a CAA with the www subdomain. But you can't skip the same problem with the AAAA record.

Your dns provider has to fix that - or you can't create a Letsencrypt certificate. Or remove DNSSEC, but that's bad too. Or switch to another dns provider, such errors should never happen.

Thanks for quick answer.

Im new in this, so mayby my questins are silly :confused:
How to rechecked with local unbound?

How have to look like right CAA record? its necessary to creating certificate?

AAAA IPV6 currently is not activate on webhosting.

My domain is: thermacut.de

I ran this command: no

It produced this output: no

My web server is (include version): linux

The operating system my web server runs on is (include version):linux

My hosting provider, if applicable, is: wedos

I can login to a root shell on my machine (yes or no, or I don't know):no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): i dont know

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.