Plesk

Unable to install Let’s Encrypt: SERVFAIL looking up CAA for example.com

Symptoms

  1. Unable to install Let's Encrypt extension:

    DNS Problem: SERVFAIL looking up CAA for example.com

  2. An external name server is specified in Domains > example.com > DNS Settings.

Cause

Plesk Onyx 17.0 or 17.5 does not support CAA records. Since the CAA record is missing, the external name server returns an error.

Resolution

  1. Determine the SOA server for the domain:

    # dig SOA @8.8.8.8 example.com +short
    ns1.exampleproviderserver.com. support@exampleproviderserver.com. 17 900 600 86400 3600

  2. Contact the external name server owners to clarify why a SERVFAIL error is returned. Normally, when a record like CAA is missing for a domain, name servers return "no record" instead of SERVFAIL.

    Note: CAA DNS records are supported in Plesk 17.8.

    Note: the issue may be temporary. Try to issue the certificate once again in an hour.
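
To gather evidence before contacting the name server owners, the script below (an added example, not part of the original article or of Plesk) asks each name server of the domain for the CAA record directly and reports whether it returns the normal "no record" response or a failure such as SERVFAIL. The function names, the file name caa-check.sh and the sample dig output are constructed for illustration.

```shell
#!/bin/sh
# classify_caa: read full dig output on stdin, print one verdict for the CAA lookup.
classify_caa() {
    awk '
        # Header line: ";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242"
        /status: [A-Z]+/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^$/ { in_answer = 0 }
        # Some older dig builds print the record type as TYPE257 instead of CAA.
        in_answer && ($4 == "CAA" || $4 == "TYPE257") { caa++ }
        END {
            if (status == "")                        print "no-response"
            else if (status == "NOERROR" && caa > 0) print "caa-present"
            else if (status == "NOERROR")            print "no-caa-record"
            else                                     print "lookup-failed:" status
        }'
}

# check_caa DOMAIN: query each delegated name server directly (no recursion),
# so a cached answer from a public resolver cannot hide the failing server.
check_caa() {
    for ns in $(dig +short NS "$1"); do
        verdict=$(dig CAA "$1" "@$ns" +norecurse +time=3 +tries=1 | classify_caa)
        printf '%s\t%s\n' "$ns" "$verdict"
    done
}

# Constructed sample dig output, not captured from a real server.
SAMPLE_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_NO_RECORD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; AUTHORITY SECTION:
example.com. 3600 IN SOA ns1.exampleproviderserver.com. support.exampleproviderserver.com. 17 900 600 86400 3600'
SAMPLE_CAA=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com. 3600 IN CAA 0 issue "letsencrypt.org"'

# Usage: sh caa-check.sh example.com   (needs dig and network access)
if [ "$#" -gt 0 ]; then
    check_caa "$1"
fi
```

A name server that reports lookup-failed:SERVFAIL here is the one to raise with its operator; no-caa-record is the response a server without CAA data should give.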