I don’t have IPV6 on our server, which means that I don’t have an AAAA record on my DNS server. But now, when I want to renew my certificate, it says that we can’t find your AAAA record.
What I can do?
"the domain’s nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for “my domain” - the domain’s nameservers may be malfunctioning [BadRequest :: urn:ietf:params:acme:error:dns]
That’s an error from the certificate authority (e.g. Let’s Encrypt), not from the app. It could be a temporary issue or your DNS nameservers are not all responding correctly [e.g. SERVFAIL, which means your DNS nameserver didn’t understand the question or fell over trying to answer].
Check your site using https://letsdebug.net
A common problem is that there is a AAAA record in DNS pointing to a landing page provided by your DNS provider, but I can’t tell if that’s the case without knowning your domain. Let’s Encrypt tend to talk about AAAA records by default because they try IPv6 first, then IPv4.
Thanks for your replay,
I checked the DNS server and we don’t have any AAAA records.
I’ve received new error "[Progress] Validation failed: “my domain”
Response from Certificate Authority: “Site IP address”: Invalid response from https://my domain/: “\r\n\r\n\r\n\r\n\r\n\r\n\r\n <meta name="viewport" content="width=device-width" />\r\n \r\n <link href="/Conte” [Forbidden :: urn:ietf:params:acme:error:unauthorized]
2024-10-20 23:20:50.840 +03:30 [ERR] Validation of the required challenges did not complete successfully. Validation failed: inst.ehcare.ir
Response from Certificate Authority: “Site IP address”: Invalid response from https://my domain/: “\r\n\r\n\r\n\r\n\r\n\r\n\r\n <meta name="viewport" content="width=device-width" />\r\n \r\n <link href="/Conte” [Forbidden :: urn:ietf:params:acme:error:unauthorized]
Ok, your domain validation has progressed from a DNS error to an issue where the certificate authority is checking your domain (using HTTP domain validation)
but not getting the expected response.
You included your domain in the message above and I can see that is on Cloudflare and is redirecting all http requests to https. You should set you SSL mode in Cloudflare to Full instead of Full Strict, otherwise http requests can’t reach your server for http validation to work.
An alternative is to use DNS domain validation (setting a particular TXT record in DNS for every renewal), there is more about that here: DNS Validation (dns-01) | Certify The Web Docs and we have a cloudflare provider detailed here: Cloudflare DNS | Certify The Web Docs