Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: www.ibigroup.com
I ran this command:
It produced this output:
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.ibigroup.com
Waiting for verification...
Challenge failed for domain www.ibigroup.com
http-01 challenge for www.ibigroup.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
-
The following errors were reported by the server:
Domain: www.ibigroup.com
Type: dns
Detail: DNS problem: SERVFAIL looking up CAA for www.ibigroup.com -
the domain's nameservers may be malfunctioning
My web server is (include version): Apache
The operating system my web server runs on is (include version): Ubuntu 20.04.2
My hosting provider, if applicable, is: DigitalOcean
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): 0.40.0
To add. This cert has two names, with and without the www. I had some issues with this when it was first setup (which I can't recall but it was a struggle)
based on this error message I found previous threads and this seems (like the message says) a DNS issue. I note that when I use google dig for some things on this domain I do get some errors for some records.
My problem is that the client manages their own DNS and has done so poorly in the past. I am going to need to give them some specific direction I think as to what records are failing or what the "right" result in dig (google or otherwise) looks like. If I just tell them "your DNS is broken" we won't make any progress and the current cert expires next Friday.
Any insight here would be greatly appreciated.