Letsencrypt certificate renewal failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: healthjobsweb.com

I ran this command: I tried installing ssl

It produced this output:

Log for the AutoSSL run for “healthjo”: Thursday, February 6, 2020 8:43:02 AM GMT+05-30 (Let’s Encrypt™)

8:43:02 AM AutoSSL’s configured provider is “Let’s Encrypt™”.

Analyzing “healthjo”’s domains …

8:43:02 AM Analyzing “healthjobsweb.com” …

8:43:02 AM ERROR TLS Status: Defective

ERROR Defect: NO_SSL: No SSL certificate is installed.

8:43:02 AM Attempting to ensure the existence of necessary CAA records …

8:43:02 AM No CAA records were created.

8:43:02 AM Verifying “Let’s Encrypt™”’s authorization on domains via DNS CAA records …

8:43:29 AM WARN DNS query error: (XID m87zyg) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.

WARN DNS query error: (XID 6rqbk7) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “www.healthjobsweb.com”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.

WARN DNS query error: (XID m87zyg) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.

WARN DNS query error: (XID 8ewumw) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “mail.healthjobsweb.com”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.

WARN DNS query error: (XID m87zyg) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.

WARN DNS query error: (XID x7uuff) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “cpanel.healthjobsweb.com”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.

WARN DNS query error: (XID m87zyg) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.

WARN DNS query error: (XID 5ghejj) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “webdisk.healthjobsweb.com”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.

WARN DNS query error: (XID m87zyg) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.

WARN DNS query error: (XID yr2tvm) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “webmail.healthjobsweb.com”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.

WARN DNS query error: (XID m87zyg) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.

WARN DNS query error: (XID 9dvwzj) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “autodiscover.healthjobsweb.com”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.

WARN DNS query error: (XID m87zyg) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.

“Let’s Encrypt™” is authorized to issue certificates for all domains.

8:43:29 AM Performing HTTP DCV (Domain Control Validation) on 7 domains …

8:43:29 AM ERROR The system failed to determine whether “healthjobsweb.com” is a registered domain because of a DNS error: (XID gde8da) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “NS” records.

ERROR The system failed to determine whether “healthjobsweb.com” is a registered domain because of a DNS error: (XID gde8da) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “NS” records.

ERROR The system failed to determine whether “healthjobsweb.com” is a registered domain because of a DNS error: (XID gde8da) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “NS” records.

ERROR The system failed to determine whether “healthjobsweb.com” is a registered domain because of a DNS error: (XID gde8da) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “NS” records.

ERROR The system failed to determine whether “healthjobsweb.com” is a registered domain because of a DNS error: (XID gde8da) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “NS” records.

ERROR The system failed to determine whether “healthjobsweb.com” is a registered domain because of a DNS error: (XID gde8da) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “NS” records.

ERROR The system failed to determine whether “healthjobsweb.com” is a registered domain because of a DNS error: (XID gde8da) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “healthjobsweb.com”’s “NS” records.

8:43:29 AM No local DNS DCV is necessary.

8:43:29 AM Processing “healthjo”’s local DCV results …

8:43:29 AM Analyzing “healthjobsweb.com”’s DCV results …

8:43:29 AM ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.

8:43:29 AM The system has completed “healthjo”’s AutoSSL check.

My web server is (include version): httpd

The operating system my web server runs on is (include version): cloudlinux 7.7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

2 Likes

AutoSSL’s self-checks are failing due to some sort of issue with DNS resolution. You need to contact your hosting company to help figure out what’s going on. Let’s Encrypt doesn’t have any information, and your host is in a better position to investigate it than the community.

For what it’s worth, your domain seems to resolve fine for me, so there might be an issue with your resolver.

2 Likes

We are the hosting provider. The domain is resolving to correct nameservers and IP address but letsencrypt is still failing to renew. May I know any suggestions regarding the same.

Try using alternate (global) DNS servers.

Although Let’s Debug found no errors, I do see that the zone is not exactly hosted “globally”:


There are only two DNS servers and both are operated from the same AS (an AS which doesn’t seem to be using anycast or any other global load-balancing system).

2 Likes

Sorry I didnt understand the exact meaning of what you have suggested. Please can you make it more clear.

Change the DNS servers in use by that system.
Try using global DNS servers.
Like:

DNS.Google
    8.8.8.8, 8.8.4.4
Level 3
    4.2.2.1 - 4.2.2.6
one.one.one.one
[CloudFlare DNS]
    1.1.1.1
    1.0.0.1
OpenDNS
    208.67.220.220
    208.67.222.222
3 Likes

Are you referring to the resolv.conf file. The server is under aws and thats why the resolver is different.

Yes, that is typically where DNS is configured in Linux systems.

If you pay for it, you can configure it any way you like.
[you only need to change it to test it - then you can change it back]

If it continues to fail, then there may be a problem with your DNS provider (or setup):

healthjobsweb.com nameserver = ns1.realwebhost.net
healthjobsweb.com nameserver = ns2.realwebhost.net

You may need to change to a “real DNS host” - LOL

3 Likes

realwebhost.net’s website is itself not secure. :astonished: One would think a hosting company would at least have a secure website. :face_with_raised_eyebrow:

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.