Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The operating system my web server runs on is (include version): CentOS v7.9.2009
My hosting provider, if applicable, is: Liquidweb
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
cPanel 110.0.5
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
The Auto-SSL lets Encrypt is not working on the www. version of our clients domain. It is on the non www. Originally, it was giving an error message suggesting that there was a missing TXT file at the domains DNS, so that was checked/added and now we are getting the rate limit message. We are not sure what the issue is as we have never had it before and are looking for your input here. We have many accounts/websites on this server and this appears to be the only one having the issue.
DNSLookupFailed
Fatal
A fatal issue occurred during the DNS lookup process for www.powercastco.com/CAA.
DNS response for www.powercastco.com had fatal DNSSEC issues: validation failure <www.powercastco.com. CAA IN>: nodata proof failed from 162.159.25.158 and 162.159.25.158
DNSLookupFailed
Fatal
A fatal issue occurred during the DNS lookup process for www.powercastco.com/AAAA.
DNS response for www.powercastco.com had fatal DNSSEC issues: validation failure <www.powercastco.com. AAAA IN>: nodata proof failed from 162.159.24.117 and 162.159.25.158
would you suggest a delete an reinmall the auto-ssl or do you think its something they need to correct on the domain/DNS side? Sorry, this is all a bit above my head
Really what i am trying to know is if this is something that is an issue on my server and i need to resolve it for my client, or its on the client end with their domain and its DNS management. I know they are doing some sort of DNS splitting on their with the domain so maybe that is the cause? I justt don't want to keep wasting my time if I cannot help.
No, it means the DNS servers for your domain are not working properly. Please take this issue up with the hoster of your DNS and ask them to fix the DNSSEC problem for the CAA resource record for www.powercastco.com. You can also send them the links I've provided in my previous post and also the letsdebug link provided by Bruce earlier.