Symptoms
AutoSSL is unable to issue an SSL certificate for a domain or set of domains, in the AutoSSL log(s) you see output similar to this:
HH:MM:SS AM ERROR “domain.tld” is unmanaged. Verify this domain’s registration and authoritative nameserver configuration to correct this problem.
When using the cpdig script to troubleshoot you see REC_LAME responses such as the one below:
/scripts/cpdig domain.tld A --verbose
[1723863691] libunbound[3162671:0] notice: init module 0: validator
[1723863691] libunbound[3162671:0] notice: init module 1: iterator
[1723863691] libunbound[3162671:0] info: resolving domain.tld. A IN
[1723863691] libunbound[3162671:0] info: priming . IN NS
[1723863691] libunbound[3162671:0] info: response for . NS IN
[1723863691] libunbound[3162671:0] info: reply from <.> ip.ad.dr.es#53
[1723863691] libunbound[3162671:0] info: query response REC_LAME: recursive but not authoritative server
[1723863691] libunbound[3162671:0] info: mark as REC_LAME
...
Description
This REC_LAME response indicates that when the server attempted to query for the DNS record, the answer comes from a non-authoritative source. AutoSSL is expected to complete the full DNS lookup as part of the SSL Proofing process, anything that interferes with the cPanel AutoSSL proofing process will lead to the cPanel server not being able to complete this validation.
Workaround
You will need to work with your Network administrator, or server host to ensure that the cPanel server is able to complete a full DNS lookup without any external applications intercepting and providing DNS responses out of order.
Comments
0 comments
Article is closed for comments.