Status400 mistake

plz can u give advice why i can not register my ssl certificate?
or may work with my web site without this certificate?

Failed to issue SSL / TLS certificate for
More details
Failed to create Let's Encrypt SSL / TLS certificate for Failed to authorize for the domain.
More details


Type: urn:ietf:params:acme:error:dns

Status: 400

Detail: for - check that a DNS record exists for this domain

1 Like

There are DNS errors with your domain:

Strange thing is: when I try to do a dig +trace, I'm not getting any result from your DNS hosting providers DNS servers (, and But when I query those nameservers separately with dig .., I do get a reply from, but and are REFUSING my query.. (Literal error "REFUSED".) :thinking: Strange!

In any case, I believe your DNS provider should be able to fix this.


I connected with my provider they said that I should delete the self-signed certificate. So I am not sure that I delete the right certification?

Which provider did you talk to? Because any existing certificate is totally not related with your current faulty DNS.

They can test the DNS servers themselves by running:

dig +norecurse

That DNS server (and ns3 also by the way) results in an error. While the ns1 server does give a proper reply.

1 Like

with eskiz

I'm failing to see how the errors at their DNS servers can be caused by your certificate?

To make it more clear, if I ask their ns2 DNS server for your domain, I get REFUSED:

osiris@erazer ~ $ dig +norecurse

; <<>> DiG 9.16.12 <<>> +norecurse
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 15873
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 3d1211dcf923891ee4c3098760fbf80343bdc9e76be95dc7 (good)
;			IN	A

;; Query time: 145 msec
;; WHEN: Fri Jul 23 19:10:25 CEST 2021
;; MSG SIZE  rcvd: 69

osiris@erazer ~ $ 

I'm quite interested in their explanation about how the above REFUSED error from their DNS server would be caused by a self-signed certificate on your server.

1 Like

what do you propose to do in such a situation?

Ask them why their ns2 (and ns3) DNS server is returning a REFUSED status as shown above.

Also: it might be the above error isn't even the acutal problem of your error when getting a certificate: seems your www subdomain isn't configured at all at their DNS servers: that's something you should add to the DNS zone in the DNS zone editor of your domain.

In any case, the REFUSED error should also be fixed, even if it's not the main cause of the error you were getting.

1 Like

okay i will reply if provider answer)
thank u

And add the www subdomain to your domain in the DNS zone editor :wink:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.