SERVFAIL looking up {A/MX} for

Hi all,

My domain is:

I ran this command: /usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp -email [myusername] (Caddy webserver systemd startup command)

Attempting to fetch certificates during Caddy’s startup produced this output:

Error 400 - urn:acme:error:connection - DNS problem: SERVFAIL looking up A for

Also received the same error, but MX instead of A and the non-www version of the domain instead, until I changed my account email to be my Gmail account.

My operating system is (include version): Ubuntu 16.10 x64

My web server is (include version): Caddy 0.9.3 (

My hosting provider, if applicable, is: DigitalOcean (server); FastMail (DNS/Mail)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

When I run dig a +short

When I run dig mx +short

20 10

I also get these same results when I query my domain’s info on If anyone has any advice, I’d really appreciate it since I’m about at my wit’s end here. I’m asking here since this error seems to me to indicate that LE is having trouble fetching DNS records for my domain, and that it’s not an issue on my server at this point.

Thanks in advance!

This appears to be an error with your DNSSEC configuration. Here's the result of running for your site:

Inconsistent security for - DS found at parent, but no DNSKEY found at child.
The parent has a secure delegation to the child (indicated by DS RRset at the parent), but the child has no DNSKEY records. This is probably due to a previously signed zone that became unsigned without requesting the parent to remove the secure delegation.

Makes perfect sense. I’ll get that squared away and see if that fixes things! Thank you for your help!

Edit 7:36 PM PDT: It works now!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.