Symptoms
AutoSSL doesn't order an SSL certificate for a domain, and a message similar to the following appears in the AutoSSL log:
5:41:33 PM ERROR “domain.tld” is unmanaged. Verify this domain’s registration and authoritative nameserver configuration to correct this problem.
Cause
This issue occurs when the server is unable to contact the root nameservers, the domain's authoritative nameservers report that they are not authoritative for the domain, the authoritative nameservers do not contain a zone file for the domain, or the domain's DNSSEC configuration on the authoritative nameservers is incorrect.
Resolutions
There are multiple items that should be reviewed when this error is observed from AutoSSL.
The most common cause of this error is that the domain does not resolve to your server correctly. Review the following items to ensure the domain is configured correctly.
- Ensure the domain uses the correct nameservers at the domain's registrar.
  See: How to find out where a domain's DNS is hosted
- If the domain uses DNSSEC, ensure that DNSSEC is configured correctly at the authoritative nameservers.
  See: How-To Enable DNSSEC on a Domain
- For domains that have their DNS handled by remote servers, ensure that the domain's DNS provider returns an authoritative response for the domain's DNS.
  See: Authoritative VS Non-Authoritative DNS Servers
If the issue continues after you verify the information regarding your domain, the following are the most common causes that stem from the server's configuration.
- Verify that both TCP and UDP port 53 are open for inbound and outbound traffic through all security devices or firewalls.
  See: What ports should I open in my network firewall?
- AutoSSL performs its DNS lookups via the root nameservers. If the server is unable to reach the root nameservers, then it will be unable to validate the domain's DNS. This can be checked using the following command:
  # for i in {a..m}; do echo -n "$i.root-servers.net: "; dig -4 "$i".root-servers.net @"$i".root-servers.net +short;done
  If errors are observed from running the above, the server's firewall and network should be reviewed by the administrator and the restriction lifted.
- If a DNS proxy or DNS cache is in use in the network, it can result in non-authoritative responses being provided to AutoSSL. This can result in the DNS result being considered invalid, and thus trigger this error.
  See: AutoSSL states domain is unmanaged, but DNS can be queried from the server.
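The items above about authoritative responses and about DNS proxies or caches can be checked by reading the header of a direct, non-recursive SOA query. The script below is an added example, not part of the original article or of cPanel's code; it assumes the standard `aa` (authoritative answer) flag in dig's header output is the signal to check, and the sample headers and nameserver names are constructed.

```shell
#!/bin/sh
# Added example: classify the header of a dig reply for a SOA query.
# Prints AUTHORITATIVE, NON_AUTHORITATIVE, ERROR_<rcode> or NO_REPLY.
classify_dig_header() {
  awk '
    /->>HEADER<<-/ {
      # e.g. ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242"
      for (i = 1; i <= NF; i++)
        if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {
      # e.g. ";; flags: qr aa; QUERY: 1, ANSWER: 1, ..." -> keep " qr aa"
      flags = $0; sub(/^;; flags:/, "", flags); sub(/;.*/, "", flags)
      aa = ((" " flags " ") ~ / aa /)
    }
    END {
      if (status == "")             print "NO_REPLY"
      else if (status != "NOERROR") print "ERROR_" status
      else if (aa)                  print "AUTHORITATIVE"
      else                          print "NON_AUTHORITATIVE"
    }'
}

# Live check (needs network): query one nameserver directly, no recursion.
check_ns() {  # usage: check_ns domain.tld ns1.example.net (hypothetical names)
  dig +norecurse +noall +comments SOA "$1" @"$2" 2>/dev/null | classify_dig_header
}

# Constructed sample headers (not captured from real servers).
# Authoritative server that holds the zone:
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
# DNS cache or proxy answering on behalf of the real nameserver:
SAMPLE_CACHE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
# Listed nameserver that has no zone file for the domain:
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4244
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

for s in "$SAMPLE_AUTH" "$SAMPLE_CACHE" "$SAMPLE_REFUSED"; do
  printf '%s\n' "$s" | classify_dig_header
done
```

Run `check_ns` once per nameserver listed at the registrar; any result other than AUTHORITATIVE points at the delegation, zone file, or an intermediate DNS cache as the item to review.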