See more

Issuing a Let's Encrypt certificate in Plesk fails when using external DNS: DNS problem: SERVFAIL looking up CAA for example.com

Julian Bonpland Mignaquy

Updated July 17, 2023 09:38

kb: technical ext: sslit

Symptoms

An attempt to issue a Let's Encrypt certificate in Plesk fails with the following error:

CONFIG_TEXT: Invalid response from https://acme-v02.api.letsencrypt.org/acme/finalize/170110130/120505529288.

Details:
Type: urn:ietf:params:acme:error:caa
Status: 403

Detail: Error finalizing order :: While processing CAA for example.com: DNS problem: SERVFAIL looking up CAA for example.com - the domain's nameservers may be malfunctioning
External DNS service is being used to host the domain DNS Zone.

Cause

External DNS server does not process CAA requests correctly and SERVFAIL is returned instead of NOERROR.

Resolution

Contact DNS server administrator to address the issue.

As workaround:

Add a CAA record like below example into the externally hosted domain DNS zone:

CONFIG_TEXT: example.com. CAA 0 issue "letsencrypt.org"

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request