[GH-ISSUE #331] Failed to renew let's encrypt certificate: SERVFAIL looking up CAA #260

Closed
opened 2026-02-26 09:37:01 +03:00 by kerem · 13 comments

Originally created by @githubtefo on GitHub (Mar 26, 2018).
Original GitHub issue: https://github.com/nsupdate-info/nsupdate.info/issues/331

My domain is: https://mydomain.awsmppl.com

I ran this command to renew my certificate:
certbot renew
or
certbot certonly --webroot -w /var/lib/letsencrypt/ -d mydomain.awsmppl.com (ArchWiki)

It produced this output:

Domain: mydomain.awsmppl.com
Type: connection
Detail: DNS problem: SERVFAIL looking up CAA for mydomain.awsmppl.com

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

My web server is (include version): Apache
The operating system my web server runs on is (include version): Archlinux 32bits
My hosting provider, if applicable, is: self-hosted
I can login to a root shell on my machine (yes or no, or I don’t know): yes

Thank you!
My certificate will expire in 7 days and I really need my server for my work.

Might be related to the DNSSEC config?

reference issue: https://community.letsencrypt.org/t/renew-failed-servfail-looking-up-caa/57681

kerem closed this issue 2026-02-26 09:37:01 +03:00

@ThomasWaldmann commented on GitHub (Mar 26, 2018):

Note: I have notified the dns zone admin about this.


@AgentTNT commented on GitHub (Mar 26, 2018):

The zone has been rectified and the underlying issue that caused the invalid NSEC should be fixed as well. Additional monitoring has been added.
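
Added example (not part of the original thread and not nsupdate.info code): a probe that tells a DNSSEC validation failure, such as the invalid NSEC mentioned above, apart from an ordinary resolution failure by sending the CAA query to a validating resolver once normally and once with the CD (checking disabled) bit set. The function names and the sample response headers are constructed for illustration; the resolver address is supplied by the caller and is assumed to be DNSSEC-validating.

```python
import socket
import struct

CAA = 257                                   # CAA resource record type
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}
COMPLETED = ("NOERROR", "NXDOMAIN")         # the lookup finished, with or without a record

def build_query(name, cd=False, qid=0x1234):
    """CAA query with RD=1, EDNS0 DO=1 and, optionally, CD=1 (checking disabled)."""
    flags = 0x0100 | (0x0010 if cd else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 1)   # 1 question, 1 additional (OPT)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    question = qname + struct.pack("!HH", CAA, 1)             # class IN
    # OPT pseudo-RR: root name, type 41, UDP size 1232, DO bit set, empty RDATA
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt

def rcode(response):
    """Return the RCODE name from a raw DNS response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    code = struct.unpack("!H", response[2:4])[0] & 0x000F
    return RCODES.get(code, f"RCODE{code}")

def classify(validated, unvalidated):
    """Compare the rcode with validation on against the rcode with CD=1."""
    if validated in COMPLETED:
        return "lookup-ok"
    if validated == "SERVFAIL" and unvalidated in COMPLETED:
        return "dnssec-validation-failure"   # data is served but does not validate
    return "resolution-failure"              # fails even unvalidated: servers or delegation

def probe(name, resolver, timeout=3.0):
    """Query `resolver` twice (CD=0, then CD=1) and classify the pair of rcodes."""
    results = []
    for cd in (False, True):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, cd=cd), (resolver, 53))
            results.append(rcode(s.recvfrom(4096)[0]))
    return classify(*results)

# Constructed response headers (not captured traffic): SERVFAIL, and NOERROR with CD set.
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)
SAMPLE_NOERROR = struct.pack("!HHHHHH", 0x1234, 0x8190, 1, 0, 0, 0)
```

Running probe() from a scheduled job against the zone's own names surfaces a broken signature chain before a certificate renewal does.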


@githubtefo commented on GitHub (Mar 26, 2018):

Thanks so much.
I will try again tonight and I will let you know.
Thank you again!


@githubtefo commented on GitHub (Mar 27, 2018):

Succeeded!


@pharpe commented on GitHub (Jun 11, 2018):

I'm having this exact same issue.
Running this command:
./certbot-auto certonly --standalone --standalone-supported-challenges http-01 --email myemail@gmail.com -d mydomain.awsmppl.com

Result:
Failed authorization procedure. mydomain.awsmppl.com (http-01): urn:acme:error:dns :: DNS problem: SERVFAIL looking up CAA for mydomain.awsmppl.com

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: mydomain.awsmppl.com
    Type: None
    Detail: DNS problem: SERVFAIL looking up CAA for mydomain.awsmppl.com


@githubtefo commented on GitHub (Jun 11, 2018):

In my case the issue disappeared. Moreover, the cron job worked great this month.


@githubtefo commented on GitHub (Aug 21, 2018):

Same problem again!
Thanks for your help.


@AgentTNT commented on GitHub (Aug 21, 2018):

May you try again now?


@githubtefo commented on GitHub (Aug 21, 2018):

Now it works!
Great, thank you so much.


@githubtefo commented on GitHub (Jan 17, 2020):

Hi everyone,

@ThomasWaldmann, @TheGr8Wonder, could you please double check/notify the dns zone admin about this again? It is not working and my certificate expired yesterday :(

Thank you very much in advance!


@githubtefo commented on GitHub (Jan 25, 2020):

Hi guys,

Any updates with this issue? I really appreciate your help to get my server up and running again.

Thank you!


@ThomasWaldmann commented on GitHub (Jan 26, 2020):

@TheGr8Wonder ^^^


@githubtefo commented on GitHub (Feb 4, 2020):

@TheGr8Wonder rectified the zone and the issue was solved!
I could renew my certificate now and the server is up and running again.
I really appreciate your help.
Thank y'all!
