DNS problem: SERVFAIL looking up CAA


I’m a newb MIAB user. Out of the box, MIAB just worked for me. On day one I set up a TLS certificate provisioned from Let’s Encrypt. I thought that it would automatically regenerate itself, but it didn’t, and now when I try to manually provision one I get the error “DNS problem: SERVFAIL looking up CAA for fleckmail.com”.

MIAB is running on a Digital Ocean VM running Ubuntu 14.04.

I’ve got no idea how to tackle this issue. Any advice would be greatly appreciated.


Guessing the domain you want to provision/renew a Let’s Encrypt certificate for is fleckmail.com, you need to add a custom CAA DNS record as follows:

Domain name: fleckmail.com
Record Type: CAA
Value: 0 issuewild "letsencrypt.org"


CAA records are completely optional – setting a CAA record has nothing to do with provisioning a Let’s Encrypt certificate. The error most likely indicates a general DNS error (see this).

@sfkHooper: Are you using your Mail-in-a-Box for DNS (or are you using external DNS)?


Thanks @just4t, this is exactly what was required. An instant fix to the problem.


Yes, using MIAB for DNS. @just4t had the right answer in my case. Thanks.


Ok. You two are probably the only two people who set CAA records. For everyone else Let’s Encrypt is working fine without them.


🙂 Sounds good, too …

[SOLVED] Let's Encrypt SERVFAIL error looking up A

@JoshData Here are some links about that which may be of help, too:

  • This one confirms CAA record(s) are not mandatory.
  • But this one lets us know: the DNS server software must be updated so that it doesn’t return an error when asked about CAA.

Hope this helps.
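
Added example, not part of the thread or of Mail-in-a-Box or Let's Encrypt code: a simplified model of the CAA check a CA performs under RFC 8659, showing why a SERVFAIL on the CAA lookup blocks issuance while an empty answer does not. The DNS answers are constructed sample data, and the function names and the `ca.example` issuer are assumptions made for illustration.

```python
# Added illustration: a simplified model of a CA's CAA check (RFC 8659).
# The answer dicts are constructed sample data: name -> (rcode, [(flags, tag, value)]).
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_rrset(name, answers):
    """Climb from name toward the root and return the first non-empty CAA RRset.
    Any rcode other than NOERROR/NXDOMAIN aborts the check with LookupError."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        rcode, records = answers.get(candidate, ("NOERROR", []))
        if rcode not in ("NOERROR", "NXDOMAIN"):
            raise LookupError(f"{rcode} looking up CAA for {candidate}")
        if records:
            return records
    return []

def issuer(value):
    """Issuer domain from a property value, without any ';parameter' part."""
    return value.split(";", 1)[0].strip().lower()

def caa_decision(name, ca_domain, answers):
    """Return 'allow' or 'refuse: <reason>' for ca_domain issuing for name."""
    wildcard = name.startswith("*.")
    try:
        rrset = relevant_rrset(name[2:] if wildcard else name, answers)
    except LookupError as err:
        return f"refuse: {err}"  # a failed lookup is not the same as "no records"
    if any(f & 0x80 and t.lower() not in KNOWN_TAGS for f, t, _ in rrset):
        return "refuse: unrecognised critical property"
    issue = [issuer(v) for _, t, v in rrset if t.lower() == "issue"]
    issuewild = [issuer(v) for _, t, v in rrset if t.lower() == "issuewild"]
    # issuewild only applies to wildcard names, where it takes precedence over issue
    restricting = issuewild if (wildcard and issuewild) else issue
    if not restricting:
        return "allow"  # nothing in the RRset restricts this request
    if ca_domain.lower() in restricting:
        return "allow"
    return f"refuse: {ca_domain} not authorised by CAA"

if __name__ == "__main__":
    broken = {"fleckmail.com": ("SERVFAIL", [])}
    empty = {"fleckmail.com": ("NOERROR", [])}
    with_record = {"fleckmail.com": ("NOERROR", [(0, "issuewild", "letsencrypt.org")])}
    for label, answers in (("SERVFAIL", broken), ("no CAA", empty), ("issuewild", with_record)):
        for name in ("fleckmail.com", "*.fleckmail.com"):
            print(label, name, "->", caa_decision(name, "letsencrypt.org", answers))
```

To see what a real server returns, `dig fleckmail.com CAA` shows the status (NOERROR or SERVFAIL) in the response header.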