I am setting up a mail server and am able to issue SSL certificates for the mail subdomain if the domain is in Cloudflare. However, if the domain points to my DNS (glue and rDNS records properly set up), I am getting the following error:
Failed to issue a Let's Encrypt certificate for [domain name]: LetsEncrypt challenge failed for [domain name]: Some(ServerError { type: Some("urn:ietf:params:acme:error:dns"), title: None, status: Some(400), detail: Some("DNS problem: looking up A for [domain name]: DNSSEC: DNSKEY Missing: validation failure <[domain name]. A IN>: No DNSKEY record from 178.156.133.127 for key [domain name]. while building chain of trust; DNS problem: looking up AAAA for [domain name]: DNSSEC: DNSKEY Missing: validation failure <[domain name]. AAAA IN>: No DNSKEY record from 178.156.133.127 for key [domain name]. while building chain of trust") })
I may end up using CF integration but still want to learn why this is happening (love to learn and understand why everything happens). I am on a Netcup server (but not the root ones, though I can access it using root as user) and I read somewhere that to be able to issue Let's Encrypt SSL, the server must have root access.
Is that the cause of the problem or is it something else?