Symptoms
AutoSSL doesn't order an SSL certificate for a domain, and a message similar to the following appears in the AutoSSL log:
5:41:33 PM ERROR “domain.tld” is unmanaged. Verify this domain’s registration and authoritative nameserver configuration to correct this problem.
Description
This issue occurs when the server is unable to contact the root nameservers, the domain's authoritative nameservers report that they are not authoritative for the domain, the authoritative nameservers do not contain a zone file for the domain, or the domain's DNSSEC configuration on the authoritative nameservers is incorrect.
Workaround
- If there are timeouts when the following command is run from the command line, the server's system administrator will have to review the firewall rules to ensure that all inbound and outbound UDP traffic is accepted on port 53.

    for i in {a..m}; do echo -n "$i.root-servers.net: "; dig -4 "$i".root-servers.net @"$i".root-servers.net +short; done

  Please note that, depending on the cause of the timeouts, it may be necessary to work with the server's network provider to resolve the timeouts.
- If the domain points to the incorrect nameservers, the nameservers will have to be updated at the domain's registrar.
- If the authoritative nameservers report that they are not authoritative for the domain, the domain's zone file will have to be edited to correct the SOA record.
- If the authoritative nameservers do not contain the domain's zone file, the zone file will have to be replaced or rebuilt.
- If the domain's DNSSEC configuration is incorrect on the authoritative nameservers, the configuration will have to be corrected. Alternatively, DNSSEC can be disabled at the registrar.
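To tell the timeout, "not authoritative" and "no zone file" cases apart, the following added example (not cPanel's own code) classifies the output of `dig +norecurse SOA domain.tld @nameserver` for one nameserver. The function name, the verdict labels and the sample replies are assumptions constructed for illustration, and the classification is a heuristic based on the response status and the AA flag.

```bash
#!/bin/sh
# Classify the reply to: dig +norecurse SOA "$domain" @"$nameserver"
# Reads dig's output on stdin and prints one verdict (hypothetical labels).
classify_soa_response() (
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)

    if [ -z "$status" ]; then
        # No DNS header at all: the query never got a reply (firewall, UDP 53).
        echo "timeout"
    elif [ "$status" = "REFUSED" ] || [ "$status" = "SERVFAIL" ]; then
        # The server answered but does not serve (or failed to load) the zone.
        echo "no-zone"
    elif [ "$status" != "NOERROR" ]; then
        echo "other:$status"
    else
        case " $flags " in
            *" aa "*)
                # AA bit set: authoritative, and it should return the SOA.
                if [ "${answers:-0}" -ge 1 ]; then echo "authoritative"
                else echo "no-soa"; fi ;;
            *)  # Reply without the AA bit: server is not authoritative.
                echo "not-authoritative" ;;
        esac
    fi
)

# Constructed sample replies (domain.tld is the page's placeholder).
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4321
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
domain.tld. 86400 IN SOA ns1.domain.tld. admin.domain.tld. 2024010101 3600 1800 1209600 86400'
SAMPLE_LAME=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4322
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1'
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4323
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

for s in "$SAMPLE_OK" "$SAMPLE_LAME" "$SAMPLE_REFUSED" "$SAMPLE_TIMEOUT"; do
    printf '%s\n' "$s" | classify_soa_response
done
```

Against a live server, pipe the real query into the function for each nameserver the registrar lists; any verdict other than "authoritative" points to one of the causes above.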