CAA record prevents issuing the certificate: SERVFAIL

Iskandar


My server has any domain, but the default domain is running with Let's Encrypt while the other domain does not run. How do I fix this problem? Thanks.
 
I got this when requesting an SSL for a domain that had a domain pointer that did not resolve. Try debugging with the following to determine why the SERVFAIL exists & on what query it is detected:

Code:
bash -x letsencrypt.sh request domain.tld

See this forum for resolution if you have this issue.

This is often caused by invalid DNSSEC records as noted in the forum post that @Richard G has shared, so you'll want to check that as well if you've not done so already.
 
2020/11/14 03:55:11 [INFO] [blazznet.id, ftp.blazznet.id, mail.blazznet.id, pop.blazznet.id, smtp.blazznet.id, vip.blazznet.id, www.blazznet.id, www.vip.blazznet.id] acme: Obtaining SAN certificate
2020/11/14 03:55:12 [INFO] [blazznet.id] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8528574403
2020/11/14 03:55:12 [INFO] [ftp.blazznet.id] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392234
2020/11/14 03:55:12 [INFO] [mail.blazznet.id] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392237
2020/11/14 03:55:12 [INFO] [pop.blazznet.id] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392239
2020/11/14 03:55:12 [INFO] [smtp.blazznet.id] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392240
2020/11/14 03:55:12 [INFO] [vip.blazznet.id] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392241
2020/11/14 03:55:12 [INFO] [www.blazznet.id] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392244
2020/11/14 03:55:12 [INFO] [www.vip.blazznet.id] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392245
2020/11/14 03:55:12 [INFO] [blazznet.id] acme: authorization already valid; skipping challenge
2020/11/14 03:55:12 [INFO] [smtp.blazznet.id] acme: Could not find solver for: tls-alpn-01
2020/11/14 03:55:12 [INFO] [smtp.blazznet.id] acme: use http-01 solver
2020/11/14 03:55:12 [INFO] [ftp.blazznet.id] acme: Could not find solver for: tls-alpn-01
2020/11/14 03:55:12 [INFO] [ftp.blazznet.id] acme: use http-01 solver
2020/11/14 03:55:12 [INFO] [mail.blazznet.id] acme: Could not find solver for: tls-alpn-01
2020/11/14 03:55:12 [INFO] [mail.blazznet.id] acme: use http-01 solver
2020/11/14 03:55:12 [INFO] [vip.blazznet.id] acme: Could not find solver for: tls-alpn-01
2020/11/14 03:55:12 [INFO] [vip.blazznet.id] acme: use http-01 solver
2020/11/14 03:55:12 [INFO] [pop.blazznet.id] acme: Could not find solver for: tls-alpn-01
2020/11/14 03:55:12 [INFO] [pop.blazznet.id] acme: use http-01 solver
2020/11/14 03:55:12 [INFO] [www.blazznet.id] acme: Could not find solver for: tls-alpn-01
2020/11/14 03:55:12 [INFO] [www.blazznet.id] acme: use http-01 solver
2020/11/14 03:55:12 [INFO] [www.vip.blazznet.id] acme: Could not find solver for: tls-alpn-01
2020/11/14 03:55:12 [INFO] [www.vip.blazznet.id] acme: use http-01 solver
2020/11/14 03:55:12 [INFO] [smtp.blazznet.id] acme: Trying to solve HTTP-01
2020/11/14 03:55:19 [INFO] [ftp.blazznet.id] acme: Trying to solve HTTP-01
2020/11/14 03:55:26 [INFO] [mail.blazznet.id] acme: Trying to solve HTTP-01
2020/11/14 03:55:26 [INFO] [vip.blazznet.id] acme: Trying to solve HTTP-01
2020/11/14 03:55:27 [INFO] [pop.blazznet.id] acme: Trying to solve HTTP-01
2020/11/14 03:55:27 [INFO] [www.blazznet.id] acme: Trying to solve HTTP-01
2020/11/14 03:55:28 [INFO] [www.vip.blazznet.id] acme: Trying to solve HTTP-01
2020/11/14 03:55:28 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8528574403
2020/11/14 03:55:29 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392234
2020/11/14 03:55:29 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392234
2020/11/14 03:55:29 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392237
2020/11/14 03:55:29 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392237
2020/11/14 03:55:29 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392239
2020/11/14 03:55:30 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392239
2020/11/14 03:55:30 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392240
2020/11/14 03:55:30 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392240
2020/11/14 03:55:30 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392241
2020/11/14 03:55:31 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392241
2020/11/14 03:55:31 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392244
2020/11/14 03:55:31 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392244
2020/11/14 03:55:31 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392245
2020/11/14 03:55:31 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392245
 
Yep, DNS issues. You can even debug it.
If you look, for example, at this line:
Code:
2020/11/14 03:55:29 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392234
Now click on the link in there.
Then you get to an information page.

If you look at detail, under error you will see this:

"detail": "DNS problem: NXDOMAIN looking up A for ftp.blazznet.id - check that a DNS record exists for this domain"

So this already means that there is no A record for ftp.blazznet.id

You can validate errors this way and from the link from Brent, you can see that also MX and www records are missing.
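
The debugging step described in this reply, as an added example that is not part of the original post: it pairs each hostname with its authorization URL from the log, keeps the ones the client deactivated, and reads the error detail out of the authorization object. The function names and the sample authorization JSON are constructed for illustration (only the detail text is from the thread), and `fetch_authz` assumes the URL still answers a plain GET.

```python
import json
import re
import urllib.request

# Patterns for the lego-style log lines shown in this thread.
AUTH_RE = re.compile(r"\[INFO\] \[(?P<host>[^\],\s]+)\] AuthURL: (?P<url>https://\S+)")
DEACT_RE = re.compile(r"\[INFO\] Deactivating auth: (?P<url>https://\S+)")
# Four lines taken from the log posted above.
SAMPLE_LOG = """\
2020/11/14 03:55:12 [INFO] [blazznet.id] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8528574403
2020/11/14 03:55:12 [INFO] [ftp.blazznet.id] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392234
2020/11/14 03:55:28 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8528574403
2020/11/14 03:55:29 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8583392234
"""

# Constructed authorization object (RFC 8555 layout); only the detail text is from the thread.
SAMPLE_AUTHZ = {
    "identifier": {"type": "dns", "value": "ftp.blazznet.id"},
    "status": "invalid",
    "challenges": [{"type": "http-01", "status": "invalid", "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up A for ftp.blazznet.id"
                  " - check that a DNS record exists for this domain"}}],
}

def failed_authorizations(log_text):
    """Map hostname -> authz URL for each authorization the client deactivated."""
    host_by_url = {m["url"]: m["host"] for m in AUTH_RE.finditer(log_text)}
    failed = {}
    for m in DEACT_RE.finditer(log_text):
        if m["url"] in host_by_url:
            failed[host_by_url[m["url"]]] = m["url"]
    return failed

def authz_errors(authz):
    """Return (hostname, status, error details) from an authorization object."""
    details = [f'{c.get("type")}: {c["error"]["detail"]}'
               for c in authz.get("challenges", [])
               if c.get("error", {}).get("detail")]
    return authz["identifier"]["value"], authz.get("status"), details

def fetch_authz(url, timeout=10):
    """Assumption: the authz URL still answers a plain GET, as when clicking it."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)

if __name__ == "__main__":
    print(failed_authorizations(SAMPLE_LOG))
    print(authz_errors(SAMPLE_AUTHZ))
```

Feeding the full log to `failed_authorizations` lists every hostname whose A record should be checked before retrying the request.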
 