Dear all,
I am going to renew my SSL, but it failed. So, I reinstalled Certbot, tried again, and then it failed again. Could you please help me? Thank you!
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
virtualgrads.com
I ran this command:
certbot certonly --dns-route53 -d "virtualgrads.com" -d "*.virtualgrads.com" -i nginx
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for virtualgrads.com and *.virtualgrads.com
Certbot failed to authenticate some domains (authenticator: dns-route53). The Certificate Authority reported these problems:
Domain: virtualgrads.com
Type: dns
Detail: During secondary validation: DNS problem: SERVFAIL looking up CAA for virtualgrads.com - the domain's nameservers may be malfunctioning
Domain: virtualgrads.com
Type: dns
Detail: During secondary validation: DNS problem: SERVFAIL looking up CAA for virtualgrads.com - the domain's nameservers may be malfunctioning
Hint: The Certificate Authority failed to verify the DNS TXT records created by --dns-route53. Ensure the above domains have their DNS hosted by AWS Route53.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 20.04.3 LTS
My hosting provider, if applicable, is:
amazone
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
certbot 2.10.0