Problem with Domain

Hi,

I have an issue with the domain dkaraus.ch

When I want to order a certificate via Mailcow and Proxmox, an error occurs.

Log Proxmox:

Task viewer: SRV - Order Certificate

Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/66293842/1111328097

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/394538647'
... pending!
Setting up webserver
Triggering validation
Sleeping for 5 seconds
Status is still 'pending', trying again in 30 seconds
TASK ERROR: validating challenge 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/394538647' failed

Best regards

TechnikClan

Your nameservers are misconfigured. Your glue records are missing.

Your nameserver is returning SERVFAIL for its own domain:

$ dig @148.251.254.105 dkaraus.ch caa

; <<>> DiG 9.11.5-P1-1ubuntu2.5-Ubuntu <<>> @148.251.254.105 dkaraus.ch caa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34809
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;dkaraus.ch.                    IN      CAA

;; Query time: 335 msec
;; SERVER: 148.251.254.105#53(148.251.254.105)
;; WHEN: Wed Sep 18 19:06:11 AEST 2019
;; MSG SIZE  rcvd: 39

Your domain doesn’t appear to exist in DNS:
https://letsdebug.net/dkaraus.ch/62691

Hi @TechnikClan

your nameserver doesn't work - https://check-your-website.server-daten.de/?q=dkaraus.ch

| Domainname | flag | Name | Value | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| dkaraus.ch | -2 | | Server failure - The name server was unable to process this query due to a problem with the name server | 2 | 0 |
| ch | 0 | | no CAA entry found | 1 | 0 |

So Letsencrypt can't check your CAA entry.

And the detailed reason:

X Fatal error: Nameserver doesn't support TCP connection: ns.dkaraus.ch / 109.237.142.8: ServerFailure
X Fatal error: Nameserver doesn't support TCP connection: ns1.dkaraus.ch / 148.251.254.105: ServerFailure

An authoritative name server must support TCP connections via port 53.

The domain is normally dkaraus.ch, but I have subdomains

vpscontrol.dkaraus.ch and mx.dkaraus.ch

I think the problem was the IPv6

Your order

https://acme-v02.api.letsencrypt.org/acme/authz-v3/394538647

says

DNS problem: SERVFAIL looking up CAA for dkaraus.ch

Checking your subdomain you see the problem:

| Domainname | flag | Name | Value | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| vpscontrol.dkaraus.ch | 0 | | no CAA entry found | 1 | 0 |
| dkaraus.ch | -2 | | Server failure - The name server was unable to process this query due to a problem with the name server | 2 | 0 |

First vpscontrol.dkaraus.ch is checked. If there is no CAA entry, dkaraus.ch is checked. If there is a Server failure, that blocks.

So if you can't resolve that Server failure, create a CAA entry with your subdomain.
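The lookup order described above, as an added example that is not part of the original posts: CAA tree climbing (RFC 8659) in Python, showing why a SERVFAIL at dkaraus.ch blocks issuance and why a CAA entry on the subdomain avoids the parent lookup. The function names and the zone data are constructed for illustration; `issuewild` and critical-flag handling are left out.

```python
from typing import Callable, Dict, List, Tuple

Record = Tuple[int, str, str]          # (flags, tag, value)
Answer = Tuple[str, List[Record]]      # (rcode, CAA records)

def caa_decision(fqdn: str, ca: str, lookup: Callable[[str], Answer]) -> str:
    """Climb from fqdn towards the root; decide whether `ca` may issue."""
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        rcode, records = lookup(name)
        if rcode not in ("NOERROR", "NXDOMAIN"):
            # A failed lookup is not proof that no CAA record exists,
            # so the CA refuses instead of assuming "none".
            return f"blocked: {rcode} looking up CAA for {name}"
        if not records:
            continue                    # empty answer: try the parent name
        # The first non-empty CAA set is the relevant one; climbing stops.
        issue = [v.split(";")[0].strip() for _, tag, v in records if tag == "issue"]
        if not issue or ca in issue:
            return f"allowed: CAA set found at {name}"
        return f"blocked: CAA set at {name} does not list {ca}"
    return "allowed: no CAA record at any level"

def make_lookup(zone: Dict[str, Answer], queried: List[str]):
    """Stub resolver over constructed data; records every name it is asked."""
    def lookup(name: str) -> Answer:
        queried.append(name)
        return zone.get(name, ("NOERROR", []))
    return lookup

# Constructed data mirroring the thread, not live DNS.
BROKEN = {"dkaraus.ch": ("SERVFAIL", [])}
WORKAROUND = {**BROKEN,
              "vpscontrol.dkaraus.ch": ("NOERROR", [(0, "issue", "letsencrypt.org")])}

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN), ("workaround", WORKAROUND)):
        asked: List[str] = []
        verdict = caa_decision("vpscontrol.dkaraus.ch", "letsencrypt.org",
                               make_lookup(zone, asked))
        print(label, "->", verdict, "| queried:", asked)
```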

But I can’t set a CAA entry…

Then you have to fix your Server failure. Perhaps update the DNS software.

There was the DNS flag day 2019.

So Unbound, the software Letsencrypt uses to check the DNS, was updated. Maybe now your DNS software is “too buggy” to work.

PS: If your DNS software doesn’t allow you to create a CAA entry, the software is really too old.

Thx for the information. I think I must change the nameserver etc.

Thanks for the Support :slight_smile:
