DNS problem: SERVFAIL looking up CAA


#1

I’m a newb MIAB user. Out of the box, MIAB just worked for me. On day one I set up a TLS certificate provisioned from Let’s Encrypt. I thought that it would automatically regenerate itself, but it didn’t, and now when I try to manually provision one I get the error “DNS problem: SERVFAIL looking up CAA for fleckmail.com”.

MIAB is running on a Digital Ocean VM running Ubuntu 14.04.

I’ve got no idea how to tackle this issue. Any advice would be greatly appreciated.


#2

Guessing the domain you want to provision/renew a Let’s Encrypt certificate for is fleckmail.com, you need to add a custom CAA DNS record as follows:

Domain name: fleckmail.com
Record Type: CAA
Value: 0 issuewild “letsencrypt.org”


#3

CAA records are completely optional – setting a CAA record has nothing to do with provisioning a Let’s Encrypt certificate. The error most likely indicates a general DNS error (see this).

@sfkHooper: Are you using your Mail-in-a-Box for DNS (or are you using external DNS)?


#4

Thanks @just4t, this is exactly what was required. An instant fix to the problem.


#5

Yes, using MIAB for DNS. @just4t had the right answer in my case. Thanks.


#6

Ok. You two are probably the only two people who set CAA records. For everyone else Let’s Encrypt is working fine without them.


#7

:slight_smile: Sounds good, too …


[SOLVED] Let's Encrypt SERVFAIL error looking up A
#8

@JoshData Here are some links about that which may be of help, too:

  • This one confirms CAA record(s) are not mandatory.
  • But this one lets us know: the DNS Server software must be updated so that it doesn’t return an error when asked about CAA.

Hope this helps.
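The two points made in posts #3 and #8 (CAA records are optional, but the CAA lookup itself must not fail) can be seen in a small model of a CA's CAA check. This is an added example, not code from the thread, Mail-in-a-Box or Let's Encrypt; it follows RFC 8659 semantics in simplified form, goes beyond the single error in the thread, and the function names and string rcodes are assumptions. No DNS queries are made and tree climbing to parent domains is omitted.

```python
# Added illustration with constructed inputs; names are hypothetical.
import shlex

KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def parse_caa(text):
    """Parse presentation-format CAA rdata, e.g. '0 issue "letsencrypt.org"'."""
    flags, tag, value = shlex.split(text)
    issuer = value.split(";", 1)[0].strip().lower()  # drop any parameters
    return int(flags), tag.lower(), issuer

def ca_may_issue(rcode, caa_rdata, ca_domain, wildcard=False):
    """Return (allowed, reason) for the CAA RRset of the requested name."""
    if rcode == "SERVFAIL":
        # The resolver got no usable answer, so the CA cannot tell whether a
        # restricting record exists. This is the error quoted in post #1.
        return False, "DNS problem: SERVFAIL looking up CAA"
    if rcode not in ("NOERROR", "NXDOMAIN"):
        return False, "unexpected rcode " + rcode
    records = [parse_caa(r) for r in caa_rdata]
    # Bit 128 is the "issuer critical" flag: an unknown critical tag blocks.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False, "unrecognized critical CAA property"
    issue = [v for _, t, v in records if t == "issue"]
    issuewild = [v for _, t, v in records if t == "issuewild"]
    # issuewild applies only to wildcard names, where it overrides issue.
    relevant = (issuewild or issue) if wildcard else issue
    if not relevant:
        return True, "no CAA restriction"
    if ca_domain in relevant:
        return True, "CAA authorizes " + ca_domain
    return False, "CAA forbids " + ca_domain

if __name__ == "__main__":
    cases = [
        ("SERVFAIL", []),                             # broken CAA handling
        ("NOERROR", []),                              # no CAA record at all
        ("NOERROR", ['0 issue "example-ca.test"']),   # another CA only
    ]
    for rcode, rrset in cases:
        print(rcode, rrset, "->", ca_may_issue(rcode, rrset, "letsencrypt.org"))
```

An empty answer with `NOERROR` or `NXDOMAIN` permits issuance; only a failed lookup or a record naming a different CA blocks it.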