Page 1 of 1

DNS problem: SERVFAIL looking up CAA for DOMIAN (Let's Encrypt)

Posted: Thu Mar 03, 2022 3:14 am
by mampsupportmod
Today I went to renew several SSL's in Let's Encrypt with certbot and randomly got a failed validation:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain:
Type: dns
Detail: DNS problem: SERVFAIL looking up CAA for - the domain's nameservers may be malfunctioning

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.


In my case, it was a network fluke. A subsequent certbot renew on the www domain worked fine a 2nd time around.