Problem with Domain

Hi,

i have a Issue with the Domain dkaraus.ch

When i want to order a Certificate via Mailcow and Proxmox there comes an Error

Log Proxmox:

Task viewer: SRV - Order Certificate

OutputStatus

Stop

Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/66293842/1111328097

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/394538647'
... pending!
Setting up webserver
Triggering validation
Sleeping for 5 seconds
Status is still 'pending', trying again in 30 seconds
TASK ERROR: validating challenge 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/394538647' 
failed

Best regards

TechnikClan

Your nameservers are misconfigured. Your glue records are missing.

Your nameserver is returning SERVFAIL for itw own domain:

$ dig @148.251.254.105 dkaraus.ch caa

; <<>> DiG 9.11.5-P1-1ubuntu2.5-Ubuntu <<>> @148.251.254.105 dkaraus.ch caa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34809
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;dkaraus.ch.                    IN      CAA

;; Query time: 335 msec
;; SERVER: 148.251.254.105#53(148.251.254.105)
;; WHEN: Wed Sep 18 19:06:11 AEST 2019
;; MSG SIZE  rcvd: 39

Your domain doesn’t appear to exist in DNS:
https://letsdebug.net/dkaraus.ch/62691

Hi @TechnikClan

your nameserver doesn’t work - https://check-your-website.server-daten.de/?q=dkaraus.ch

Domainname flag Name Value ∑ Queries ∑ Timeout
dkaraus.ch -2 Server failure - The name server was unable to process this query due to a problem with the name server 2 0
ch 0 no CAA entry found 1 0

So Letsencrypt can’t check your CAA entry.

And the detailed reason:

X Fatal error: Nameserver doesn’t support TCP connection: ns.dkaraus.ch / 109.237.142.8: ServerFailure
X Fatal error: Nameserver doesn’t support TCP connection: ns1.dkaraus.ch / 148.251.254.105: ServerFailure

An authoritative name server must support TCP connections via port 53.

The Domain is normal dkaraus.ch but i have SubDomains

vpscontrol.dkaraus.ch and mx.dkaraus.ch

I think the Problem was the IPv6

Your order

https://acme-v02.api.letsencrypt.org/acme/authz-v3/394538647

says

DNS problem: SERVFAIL looking up CAA for dkaraus.ch

Checking your subdomain you see the problem:

Domainname flag Name Value ∑ Queries ∑ Timeout
vpscontrol.dkaraus.ch 0 no CAA entry found 1 0
dkaraus.ch -2 Server failure - The name server was unable to process this query due to a problem with the name server 2 0

First vpscontrol.dkaraus.ch is checked. If there is no CAA entry, dkaraus.ch is checked. If there is a Server failure, that blocks.

So if you can’t resolve that Server failure, create a CAA entry with your subdomain.

But i can’t set a CAA Entry…

Then you have to fix your Server failure. Perhaps update the DNS software.

There was the DNS flag day 2019.

So the unbound - software Letsencrypt uses to check the DNS was updated. May be now your dns software is “too buggy” to work.

PS: If your dns software doesn’t allow to create a CAA entry, the software is really too old.

Thx for the Information. I think i must change The Nameserver etc.

Thanks for the Support :slight_smile:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.