No matter what, I can't get an SSL Cert on my server

My domain is:

I ran this command: certbot --nginx -d

It produced this output:

Failed authorization procedure. (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for

My web server is (include version): nginx version: nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04.4 Xenial

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

In short, I managed to issue a certificate perfectly fine with no issues when I first made the server. Then I went to add one several weeks later to find it had this issue. So I factory reset the server and tried again. It hasn’t worked since. It bothers me because I set up someone else’s server with Django and Nginx and it worked perfectly fine when I installed Certbot. I genuinely don’t know what the problem is because it worked before, nothing has changed. I have literally spent weeks searching through many different forums for answers with nothing helping. Can anyone help?

The domain has a DS record, indicating it uses DNSSEC, but it doesn’t use DNSSEC. Validating resolvers will consider it invalid. The DS record needs to be deleted at the registrar.

    86400   IN      DS      60482 13 1 FB709B52FC3B983140CE64B71923DAD091C52BEE

I went to my control panel at NameCheap, and it currently says that DNSSEC is off. I enabled it to find that it had the same details already present, identical to what you provided. Odd. So I tried to delete it but it said that at least 1 key must be present, and wouldn’t let me do so. I’ve clicked disable on DNSSEC again to see if this helps. I will try again later on today to see if that has fixed it. I’ve noticed that NameCheap has become increasingly buggy with several areas of their user control panel and am strongly considering moving all my domains elsewhere.

Yeah, they’ve had issues adding and removing DS records for at least a year. I thought it might have been resolved. The control panel will say DNSSEC has been enabled or disabled, but the DS update doesn’t actually happen.

Try contacting customer service, I guess? They’re badly breaking your domain.

Or switch back to whichever DNS service had that key and enable DNSSEC.

Or transfer to a different registrar.

The issue is that it was working perfectly fine for a few weeks, then this issue started to happen. I’ve never touched DNSSEC before, so it worries me that they added a key without my input. I think I’ll migrate my domain to another registrar for now, then try from there.


You won’t need to switch registrar.

Just contact their support team and it will be fine.

They always switch DNS record without my notice.

I’ve had far too many issues with them over the past years. Unfortunately, I’m tired of being passed around while paying for a service that constantly breaks. It’s honestly better to move to a registrar that sells at wholesale price, especially when you’re paying for 20 or so domains annually.

I decided to try live chat. They couldn’t help on the spot. Moved my domain to another registrar and deleted the copied-over DS record. It worked instantly. Thanks guys.
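An offline version of the check behind the diagnosis in this thread (a DS record at the parent with no matching DNSKEY in the zone), as an added example that is not part of the original posts. `example.com` stands in for the domain, which the thread does not show, and the DNSKEY is constructed sample data; the DS values are the ones quoted above.

```python
import base64, hashlib, struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest types 1 and 2

# DS record quoted in the thread: key tag, algorithm, digest type, digest
PAGE_DS = (60482, 13, 1, "FB709B52FC3B983140CE64B71923DAD091C52BEE")
# Constructed sample DNSKEY (flags, protocol, algorithm, base64 key); not a real key
SAMPLE_KEY = (257, 3, 13, base64.b64encode(bytes(range(64))).decode())

def wire_name(name):
    """Owner name in canonical DNS wire format: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol, 1-byte algorithm, then the key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B (algorithms other than 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF

def ds_digest(owner, rdata, digest_type):
    """DS digest = hash(owner name in wire format | DNSKEY RDATA)."""
    return DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()

def check_delegation(owner, ds_set, dnskey_set):
    """Classify a delegation from the parent's DS set and the zone's DNSKEY set."""
    if not ds_set:
        return "insecure: no DS at parent, validators do not expect signatures"
    keys = [dnskey_rdata(*k) for k in dnskey_set]
    for tag, alg, dtype, digest in ds_set:
        for rdata in keys:
            if (dtype in DIGESTS and key_tag(rdata) == tag and rdata[3] == alg
                    and ds_digest(owner, rdata, dtype) == digest.upper()):
                return "secure: DS matches a DNSKEY in the zone"
    return "bogus: DS at parent has no matching DNSKEY, validating resolvers return SERVFAIL"

if __name__ == "__main__":
    # The situation in the thread: DS published, zone unsigned (no DNSKEY at all).
    print(check_delegation("example.com", [PAGE_DS], []))
    # After the DS is deleted at the registrar, the zone is plain unsigned DNS again.
    print(check_delegation("example.com", [], []))
```

On a live domain the two inputs come from a DS query answered by the parent zone and a DNSKEY query answered by the domain's own nameservers.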
