SSL is not getitng issued on WWW URL


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jobtantra.com

We are trying to install SSL on www.jobtantra.com but getting below errors
: [Wed Jul 11 14:12:39 IST 2018] www.jobtantra.com:Verify error:DNS problem: SERVFAIL looking up A for www.jobtantra.com

DNS are proper for the domain still facing issues.

My web server is (include version): Tomcat

The operating system my web server runs on is (include version): CentOS 6

My hosting provider, if applicable, is: Milesweb

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Webuzo


#2

Hi Manish,

The reason is probably due to your domain’s nameservers sending bogus NS records.

Your actual nameservers are as follows:

jobtantra.com.          172800  IN      NS      ns51.domaincontrol.com.
jobtantra.com.          172800  IN      NS      ns52.domaincontrol.com.

However, when making an inquiry at those nameservers, they are giving an incorrect referral to other nameservers:

$ dig +noall +authority @ns51.domaincontrol.com jobtantra.com
jobtantra.com.          3600    IN      NS      ns21.domaincontrol.com.
jobtantra.com.          3600    IN      NS      ns22.domaincontrol.com.

Those two nameservers (21 and 22), don’t actually contain the zone data for your domain, and give a REFUSED response code.

What’s happening (probably) is that Let’s Encrypt is picking up those two referrals to ns21 and n22, except when it tries to use them, it gets a REFUSED, which leads to the SERVFAIL.

So what you should do is locate those two incorrect NS records and either remove them or amend them to the correct nameservers (ns51 and ns52).


#4

Thanks for the details.

I will check the DNS settings of the domain and see if it works.

Thanks again.


#5

Hi .There is an easy way to get an SSL certificate from lets-encrypt via zerossl. If you are interested here is a guide.


#6

…which won’t help in the least if the DNS entries are messed up.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.