SERVFAIL from authoritative DNS server (0x20 case randomization issue)

I also met the problem of DNS, very sad、
root# certbot --expand -d
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (http-01): urn:acme:error:dns :: DNS problem: SERVFAIL looking up CAA for

This one exhibits the same capsforid fallback failure as this thread.

Disabling qname-minimisation in Unbound causes both domains to succeed, both in Unbound 1.7.3 and earlier versions, which is also why unboundtest passes for both domains.

(Not a solution, just an observation).

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.