Symptoms
When running AutoSSL, the following error is logged.
CONFIG_TEXT: 10:19:59 AM ERROR “Let’s Encrypt™” DNS DCV error (mail.domain.tld): 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: looking up Record type for _acme-challenge.mail.domain.tld.lt: DNSSEC: DNSKEY Missing: validation failure
If DNSSEC is enabled but cannot be verified, AutoSSL will still attempt to get a certificate, but the certificate authority will not be able to verify the domain, resulting in the certificate issuance failing.
Cause
This occurs when DNSSEC is not set up properly on a domain.
- The domain is being moved between servers
- The user has activated DNSSEC through cPanel but not yet copied the proper items into the account at the registrar.
- The user has activated DNSSEC at the registrar, but not yet set it up on the cPanel account.
Resolution
Ensure that DNSSEC is configured at the registrar, and within your cPanel account and Zone file.
How do I know if DNSSEC is enabled on a domain?
Comments
0 comments
Article is closed for comments.