Hi, after enabling DNSSEC I can’t renew my certificate.
But if I disable DNSSEC, it works without a problem!!
These are my steps:
1 - command: sudo certbot --nginx -d mehrtakhfif.com -d www.mehrtakhfif.com
output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/mehrtakhfif.com.conf)
What would you like to do?
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mehrtakhfif.com
http-01 challenge for www.mehrtakhfif.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.mehrtakhfif.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up CAA for www.mehrtakhfif.com - the domain’s nameservers may be malfunctioning
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.mehrtakhfif.com
Type: None
Detail: DNS problem: SERVFAIL looking up CAA for
www.mehrtakhfif.com - the domain’s nameservers may be
malfunctioning
2 - dig +dnssec @n.ns.arvancdn.com mehrtakhfif.com caa
output:
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> +dnssec @n.ns.arvancdn.com mehrtakhfif.com caa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26698
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
; COOKIE: f0b3edcbb93c1475 (echoed)
;; QUESTION SECTION:
;mehrtakhfif.com. IN CAA
;; AUTHORITY SECTION:
mehrtakhfif.com. 7200 IN NSEC \000.mehrtakhfif.com. A NS SOA PTR MX TXT AAAA SRV RRSIG NSEC TLSA
mehrtakhfif.com. 7200 IN RRSIG NSEC 5 2 7200 20200408124501 20200331094501 43881 mehrtakhfif.com. XHWs3aJqnqlHb2wCML6eM1GK7KD4Ht3TQovrsE+/8MrJ5dEJi7Weg4Sr XVwtS9OXH4uryXadyk41dVBVTzwSPZPA+zeHhgiKdlRzClBwstrWxFSx dWHOtUTeB11BKgGbOc39LNzRbQuJ/j/Hb/OhsHNL2Prnt7Oqb7Hx11Pw Wfk=
mehrtakhfif.com. 3600 IN SOA n.ns.arvancdn.com. hostmaster.arvancloud.com. 1585657360 86400 7200 604800 7200
mehrtakhfif.com. 3600 IN RRSIG SOA 5 2 3600 20200408124501 20200331094501 43881 mehrtakhfif.com. qTX7NQWjV/9uwsb8s/tp+J1t9dkPEUjPQvzHzzRJ0Vsfeib4nf2VPMpv CvwFh+lAk5PuF7Icey7z+tBx8JDsKzsAl6pIlLYKD/TRreo8YAMCH5Fd IBxZDuDie4j2BErR6jX0nDr2/61NKmCyaFELc7AS8RB8GHQQmTkDi7pQ t2w=
;; Query time: 6 msec
;; SERVER: 185.143.235.253#53(185.143.235.253)
;; WHEN: Tue Mar 31 12:45:06 UTC 2020
;; MSG SIZE rcvd: 584
3 - and finally test on https://letsdebug.net/
output:
All OK!
OK
No issues were found with mehrtakhfif.com. If you are having problems with creating an SSL certificate, please visit the Let’s Encrypt Community forums and post a question there.
My domain is: mehrtakhfif.com
My web server is (include version): nginx/1.16.1
The operating system my web server runs on is (include version): ubuntu/18.04
My hosting provider, if applicable, is: arvancloud.com
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.27.0