Problems with domain ".best"

I have created many other certificates for different domains, but have a problem with “.best”: dig and curl return correct information, but certbot can’t find the DNS records.

My domain is:
bazar.best

I ran this command:
/usr/bin/letsencrypt certonly -a webroot --webroot-path=/srv/default/ -d bazar.best -d www.bazar.best

It produced this output:
Domain: www.bazar.best
Type: connection
Detail: DNS problem: SERVFAIL looking up A for www.bazar.best

Domain: bazar.best
Type: connection
Detail: DNS problem: SERVFAIL looking up A for bazar.best

My web server is (include version):
nginx

The operating system my web server runs on is (include version):
ubuntu 16.04

My hosting provider, if applicable, is:
zahid.host

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

bazar.best.             3595    IN      DS      8311 8 2 998EF1AD0EA175217E2C0C0D91B0B6975268D7C22484689EE274ECDB 98D03359

The domain has a DS record, meaning it uses DNSSEC, but the authoritative nameservers are not actually using DNSSEC.

The DNS resolvers used by Let’s Encrypt, and all other validating DNS resolvers, won’t be able to resolve the domain.

You need to enable DNSSEC on the domain’s nameservers, or remove the DS record at the registrar.

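The delegation states the answer distinguishes, as an added example that is not part of the original thread: it classifies `dig +noall +answer` output for the DS, DNSKEY and A queries. The function names, the `check_domain` wrapper and the sample A record are assumptions; the DS line is the one quoted above.

```sh
#!/bin/sh
# Added example: classify a zone's DNSSEC delegation from dig answer sections.

# count_rr TYPE: count records of TYPE in "dig +noall +answer" text on stdin.
# Answer lines look like: name TTL IN TYPE rdata...
count_rr() {
    awk -v t="$1" '$3 == "IN" && $4 == t { n++ } END { print n + 0 }'
}

# classify DS_ANSWER DNSKEY_ANSWER A_ANSWER
# DS comes from the parent zone; DNSKEY and A (queried with +dnssec) come from
# the domain's own authoritative nameserver.
classify() {
    ds=$(printf '%s\n' "$1" | count_rr DS)
    keys=$(printf '%s\n' "$2" | count_rr DNSKEY)
    sigs=$(printf '%s\n' "$3" | count_rr RRSIG)
    if [ "$ds" -eq 0 ]; then
        echo "unsigned-delegation"  # no DS: zone is treated as insecure, lookups work
    elif [ "$keys" -eq 0 ] || [ "$sigs" -eq 0 ]; then
        echo "broken-chain"         # DS at the parent, no keys/signatures: SERVFAIL
    else
        echo "signed"               # presence only; signatures and key tag not verified
    fi
}

# Live wrapper (hypothetical helper; needs dig and network access).
# +cdflag lets a validating local resolver still answer the NS and DS lookups.
check_domain() {
    ns=$(dig +cdflag +short NS "$1" | head -n 1)
    [ -n "$ns" ] || { echo "no-nameserver"; return 1; }
    classify "$(dig +cdflag +noall +answer DS "$1")" \
             "$(dig +norecurse +noall +answer DNSKEY "$1" "@$ns")" \
             "$(dig +norecurse +dnssec +noall +answer A "$1" "@$ns")"
}

# Constructed sample: the DS line quoted in the thread, an empty DNSKEY answer,
# and an unsigned A answer (192.0.2.10 is a documentation address).
SAMPLE_DS='bazar.best. 3595 IN DS 8311 8 2 998EF1AD0EA175217E2C0C0D91B0B6975268D7C22484689EE274ECDB 98D03359'
SAMPLE_A='bazar.best. 300 IN A 192.0.2.10'
classify "$SAMPLE_DS" "" "$SAMPLE_A"   # prints broken-chain
```

Run `check_domain bazar.best` before requesting the certificate; anything other than `unsigned-delegation` or `signed` means validating resolvers will fail the lookup.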

Thank you for a quick and complete answer!
