c0r3y, August 21, 2017, 1:29pm
Hi, hope someone can help me out. I have been trying to get a cert for days using different clients, and today I tried acme but am experiencing the below issue. I let acme use its own built-in standalone server instead of IIS.
I have attached a log.
acmelog.txt  (15.6 KB)
My domain is:
directaccess.tworiversschool.net 
I ran this command:
acme.sh --issue --tls -d directaccess.tworiversschool.net  -d www.directaccess.tworiversschool.net 
It produced this output:
SERVFAIL looking up CAA for directaccess.tworiversschool.net 
My web server is (include version):
acme standalone
The operating system my web server runs on is (include version):
Windows Server 2016
My hosting provider, if applicable, is:
Daily.co.uk  (domain only)
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Hi @c0r3y,
Your DNS is answering with a CNAME record when you ask for a CAA record (pay attention to ANSWER SECTION):
 $ dig +norec @ns1.daily.co.uk  directaccess.tworiversschool.net caa
; <<>> DiG 9.9.7 <<>> +norec @ns1.daily.co.uk directaccess.tworiversschool.net caa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45708
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;directaccess.tworiversschool.net. IN   CAA
;; ANSWER SECTION:
directaccess.tworiversschool.net. 300 IN CNAME  directaccess.tworiversschool.net.
;; Query time: 47 msec
;; SERVER: 195.26.90.11#53(195.26.90.11)
;; WHEN: lun ago 21 17:04:23     2017
;; MSG SIZE  rcvd: 75
 
Having a CNAME for a CAA record is not a problem; the problem is that you are saying that to resolve directaccess.tworiversschool.net you should check directaccess.tworiversschool.net (the same domain), so you are in an endless loop.
You need to double check the records defined for your domain.
Cheers,
sahsanu
1 Like
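
The loop described in the reply above can be checked mechanically. This is an added example, not part of the original thread or of acme.sh: it follows CNAMEs for a CAA query over dig-style answer lines and reports a loop with the SERVFAIL status the CA reported. The `example.test` records, the `MAX_HOPS` cap and the function names are constructed for illustration.

```python
MAX_HOPS = 8  # assumed cap on alias chain length; real resolvers choose their own

# The answer line from the dig output in the thread (self-referencing CNAME).
PAGE_ANSWER = "directaccess.tworiversschool.net. 300 IN CNAME  directaccess.tworiversschool.net."

# Constructed records: one healthy alias with CAA at its target, one two-name loop.
CONSTRUCTED_ZONE = """
www.example.test.  300 IN CNAME host.example.test.
host.example.test. 300 IN CAA   0 issue "letsencrypt.org"
a.example.test.    300 IN CNAME b.example.test.
b.example.test.    300 IN CNAME a.example.test.
"""

def parse_records(text):
    """Parse 'name ttl IN type rdata' lines into {(name, type): [rdata, ...]}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment/header lines
        fields = line.split(None, 4)
        if len(fields) != 5 or fields[2].upper() != "IN":
            continue  # not a resource record line
        name, _ttl, _cls, rtype, rdata = fields
        records.setdefault((name.lower().rstrip("."), rtype.upper()), []).append(rdata)
    return records

def lookup_caa(name, records):
    """Follow CNAMEs for a CAA query. Returns (status, chain, caa_rdata)."""
    current = name.lower().rstrip(".")
    chain = [current]
    while True:
        cname = records.get((current, "CNAME"))
        if not cname:
            caa = records.get((current, "CAA"), [])
            return ("NOERROR" if caa else "NODATA"), chain, caa
        target = cname[0].lower().rstrip(".")
        chain.append(target)
        if target in chain[:-1] or len(chain) > MAX_HOPS:
            return "SERVFAIL", chain, []  # alias loop: the lookup can never finish
        current = target

if __name__ == "__main__":
    for zone, name in [(PAGE_ANSWER, "directaccess.tworiversschool.net"),
                       (CONSTRUCTED_ZONE, "www.example.test"),
                       (CONSTRUCTED_ZONE, "a.example.test")]:
        print(name, lookup_caa(name, parse_records(zone)))
```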
            
            
           
          
            
              
system, Closed, September 20, 2017, 3:15pm
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.