SERVFAIL looking up CAA for

Hi, hope someone can help me out. I have been trying to get a cert for days using different clients and today I tried acme but experiencing the below issue. I let acme use it’s own built in standalone server instead of IIS.

I have attached a log.

acmelog.txt (15.6 KB)

My domain is:

I ran this command: --issue --tls -d -d

It produced this output:

SERVFAIL looking up CAA for

My web server is (include version):

acme standalone

The operating system my web server runs on is (include version):

Windows Server 2016

My hosting provider, if applicable, is: (domain only)

I can login to a root shell on my machine (yes or no, or I don’t know):


I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Hi @c0r3y,

Your DNS is answering with a CNAME record when you ask for a CAA record (pay attention to ANSWER SECTION):

 $ dig +norec caa

; <<>> DiG 9.9.7 <<>> +norec caa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45708
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
; IN   CAA


;; Query time: 47 msec
;; WHEN: lun ago 21 17:04:23     2017
;; MSG SIZE  rcvd: 75

Having a CNAME for a CAA record is not a problem, the problem is that you are saying that to resolve you should check (the same domain) so you are in an endless loop.

You need to double check the records defined for your domain.


1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.