ptloma
New member
I have read all of the threads related to this and there are no consistent steps to resolution.
I deleted a domain hosted on one DA server and created it on another. I have pointed the NS records at the domain registrar to the new server and https://dnschecker.org/all-dns-records-of-domain.php shows the changes have propagated for all DNS servers (Google/Cloudflare/OpenDNS/Authoritative DNS).
The domain was created following the exact same procedures as two other domains which encountered no issues requesting Let's Encrypt wildcard SSL certificates.
I have repeatedly tried to create a wildcard SSL certificate for the new domain and it fails each time with the error message:
Found wildcard domain name and http challenge type, switching to dns-01 validation.
CAA record prevents issuing the certificate: SERVFAIL
When I check to see what the CAA record is, I get this response:
host -t caa foxislandchapel.net.
foxislandchapel.net has no CAA record
dig foxislandchapel.net caa
; <<>> DiG 9.16.23-RH <<>> foxislandchapel.net caa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36645
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;foxislandchapel.net. IN CAA
;; AUTHORITY SECTION:
foxislandchapel.net. 3600 IN SOA ns1.fi253.net. hostmaster.foxislandchapel.net. 2023052100 3600 3600 1209600 86400
;; Query time: 4 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun May 21 10:26:46 PDT 2023
;; MSG SIZE rcvd: 105
I have tried suggestions in other posts, including:
./build rewrite_confs
and
./build all
and there does not appear to be anything wrong with the installation.
I have deleted the domain and added it again.
Bottom line is that Let's Encrypt will not issue a cert using the DA panel with the same error message:
Found wildcard domain name and http challenge type, switching to dns-01 validation.
CAA record prevents issuing the certificate: SERVFAIL
Does anyone know how I can diagnose this issue?
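Added example, not part of the original post: a model of the RFC 8659 CAA lookup a CA performs before issuing, showing why the empty NOERROR answer seen through one public resolver and a SERVFAIL seen on the CA's side lead to different outcomes. The two resolver views, the function names and the SERVFAIL answer are constructed for illustration, and critical-flag handling is not modelled.

```python
# Added example: RFC 8659 CAA lookup modelled offline with constructed DNS
# answers and hypothetical names. Critical-flag handling is not modelled.
from typing import Callable, Dict, List, Tuple

Record = Tuple[int, str, str]      # (flags, tag, value)
Answer = Tuple[str, List[Record]]  # (rcode, CAA RRset)
Resolver = Callable[[str], Answer]

class CAALookupError(Exception):
    """The CA cannot tell whether CAA records exist, so it must not issue."""

def relevant_caa_set(domain: str, resolve: Resolver) -> Tuple[str, List[Record]]:
    """Climb from the name toward the root; stop at the first non-empty RRset."""
    name = domain.rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]  # the wildcard label itself is not queried
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        rcode, records = resolve(candidate)
        if rcode not in ("NOERROR", "NXDOMAIN"):
            # SERVFAIL, REFUSED or a timeout is an error, not "no record".
            raise CAALookupError(f"{candidate} CAA lookup: {rcode}")
        if records:
            return candidate, records
    return "", []

def check_issuance(domain: str, ca: str, resolve: Resolver) -> str:
    """Verdict for one CA identifier, e.g. letsencrypt.org."""
    try:
        owner, records = relevant_caa_set(domain, resolve)
    except CAALookupError as exc:
        return f"refuse: {exc}"
    tags = {t.lower() for _, t, _ in records}
    wild = domain.startswith("*.") and "issuewild" in tags
    tag = "issuewild" if wild else "issue"  # issuewild wins for wildcards
    issuers = [v.split(";")[0].strip().lower()
               for _, t, v in records if t.lower() == tag]
    if not issuers:
        return "allow: no restricting CAA property found"
    return f"allow: {owner}" if ca in issuers else f"refuse: {owner} does not authorise {ca}"

def from_table(table: Dict[str, Answer]) -> Resolver:
    """Resolver over constructed answers; unlisted names answer empty."""
    return lambda name: table.get(name, ("NOERROR", []))

# Constructed views: the post's dig result via 1.1.1.1, and an assumed CA-side failure.
public_view = from_table({"foxislandchapel.net.": ("NOERROR", [])})
ca_view = from_table({"foxislandchapel.net.": ("SERVFAIL", [])})
```

To collect the real answers for each step of the climb, put the same CAA question to the zone's own nameserver rather than a public resolver, for example `dig @ns1.fi253.net foxislandchapel.net caa`.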