Worked before, but getting this error now on any new webserver: DNS problem: SERVFAIL looking up CAA

Please fill out the fields below so we can help you better.

My domain is:

I ran this command: ./letsencrypt-auto certonly --standalone

It produced this output: Failed authorization procedure. (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up CAA for

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is: namebright

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I’m getting stuck with this error. The odd thing is that it worked with another instance on AWS, but we are migrating to bigger instances, so I’m unsure why this is happening. Can anyone point me in the right direction of what to do?

Hi @vpoola88,

Your DNS provider is NameBright. You can find a description of the problem and its current status in earlier threads at

Hi @schoen,

Thanks for getting back. I have looked through a lot of the threads, but can’t seem to find a way to make it work. Also, it’s odd that it worked when I did it about 2 months ago, but doesn’t work now with a new instance? Just was wondering if anyone has had that similar experience.

Some of the other threads will explain that this is a problem that has to be fixed by NameBright, not by you. The behavior of their nameservers isn’t following technical standards that we need it to follow in order to issue a certificate.

(I think there is some reason for this changed behavior, but I’m not personally familiar with it. But it doesn’t mean that you’ve changed anything or done anything wrong. The trouble all lies with NameBright.)
