SInce shortly I cannot issue a certificate for my domain

My domain is:

the domain is hosted on a virtual server running CentOS and managed via a Plesk control panel. As automatic renewal suddenly failed, I ran this command: "Renew Existing certificate in Plesk" like I always did, when automatic renewal didn't function! I also checked _acme-challenge text records with mx-toolbox prior reload of cert, however, always receiving DNS record check error! Other domains on the same virtual server are renewed automatically without any problem.

It produced this output:
Could not issue an SSL/TLS certificate for

Details: Could not issue a Let's Encrypt SSL/TLS certificate for Authorization for the domain failed.

Details: Invalid response from

Details: Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: DNS problem: SERVFAIL looking up TXT for - the domain's nameservers may be malfunctioning

My web server is (include version): Apache 2.4.6

The operating system my web server runs on is (include version): CentOS Linux 7.9.2009

My hosting provider, if applicable, is: Hosteurope

I can login to a root shell on my machine (yes or no, or I don't know): yes, I can

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Obsidian; Version 18.0.45 Update #2, last updated on July 26, 2022

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I am using Plesk embedded extensions: letsencrypt (Version 3.0.0-785) and SSL IT (Version 1.11.0-1509)

Appreciate assistance in solving this issue.

Welcome to the community @Misho

There is a problem in your DNS config. You have a different Name Server (NS) record for your domain than for your apex And, that name server has problems. See this site for more info:

And, you can use the site to check your DNS lookups. It uses a similar method to what the Let's Encrypt servers use for DNS lookup so makes it easier to test. You can see the same SERVFAIL error from this test I ran


Thanks Mike McQ.
I just wonder what happened that my DNS settings got scrambled. I didn't change a thing on that server and it was working until now like a charm.
Your help is truly appreciated and I will check the apex DNS and Zone settings.
Hope I can resolve the issue swiftly....


This seems like where "the problem" starts:

nslookup -q=txt    nameserver = internet address =

[All three authoritative DNS servers show "" as being authoritative for that entry]

It strays far from the expected:    nameserver =    nameserver =    nameserver =

That would be expected if using something like acme-dns--but that doesn't seem to be the case here.


Yes, poor wording on my part. My sentence "You have a different Name Server ..." was intended as a fact, not the problem description. Just something to help focus further debug. I see now how that could be clearer - thanks.


Thanks All!
Thanks to MikeMcQ's and rg305's hints I found the error last night and need to await DNS propagation to complete to get it hopefully resolved. I had a DNS delegation on my registrar's authoritative NS in place to the VS NS I am operating at my provider and had some uncovered erroneous DNS entries. It seems to work now, as letsencrypt auto renewal went through last night! But to ensure all is set I need to await another 24 hours.


Problem solved!

Latest unboundtest result:
Query results for TXT
;; opcode: QUERY, status: NOERROR, id: 24844
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

Issue closed!
Thanks a million, Gentlemen! :smiley: