When trying to renew my certs I receive the below message. I have worked with our domain registrar for help and they insist it’s an issue with Let’s Encrypt. I have configured the CAA record in DNS and same issue. Any assistance would be greatly appreciated.
Validation of the required challenges did not complete successfully. Domain validation failed: Domainname
DNS problem: SERVFAIL looking up CAA for domainname - the domain’s nameservers may be malfunctioning BadRequest urn:ietf:params:acme:error:dns
Hi, I’ve responded to your helpdesk ticket but the general problem in this case is an invalid DNSSEC configuration.
SERVFAIL is an unacceptable response during domain validation (it’s like getting an http error 500 on a web site) because the certificate authority is trying to prove you control the domain and anything “fishy” going on on has to be taken seriously (such as non-trusted DNSSEC).
As mentioned in the ticket, tools like https://letsdebug.net/ and https://unboundtest.com/ are useful for identifying and explaining the problem to your DNS server administrator.