SERVFAIL from authoritative DNS server (0x20 case randomization issue)


#1

I also met the problem of DNS, very sad、
root# certbot --expand -d www.cbeid.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.cbeid.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.cbeid.com (http-01): urn:acme:error:dns :: DNS problem: SERVFAIL looking up CAA for www.cbeid.com


SERVFAIL causing issuance failures, unable to reproduce in Unbound or locally
#2

This one exhibits the same capsforid fallback failure as this thread.

Disabling qname-minimisation in Unbound causes both domains to succeed, both in Unbound 1.7.3 and earlier versions, which is also why unboundtest passes for both domains.

(Not a solution, just an observation).


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.