SSL certificate error

when I want to renew my SSL Certificate I can see that:
The CNAME record is set up correctly!
Please click the Request Certificate button below to start the issuance process.

But during the process I get
SSL certificate error: The provider encountered an error verifying the DNS settings of your domain name. Please double check your nameserver settings and try again later.
Error detail: DNS problem: looking up TXT for _acme-challenge.pythi.eu: DSSL certificate error: The provider encountered an error verifying the DNS settings of your domain name. Please double check your nameserver settings and try again later.

I changed NOTHING!
Wh do get this error??

Hello, and welcome back to the InfinityFree Forum!

Sometimes, when issuing an SSL certificate, the provider has issues with verifying the domain. I have found that if this issue occurs, and your domain has the correct CNAME and NS records, you may have to wait a bit before re-issuing an SSL. This issue can also occur if there are many SSLs being issued on the platform at the time.

I already have this issue more than a week!!

I checked your domain name, and I think the issue is caused because your have DNSSEC enabled for your domain at your domain registry. Our nameservers don’t support DNSSEC, so the correct records to ensure that our namesevers are authorized to respond to your domain are missing.

This means that people whose systems are setup to check for DNSSEC will not be able to access your domain name. And all SSL certificate issuers validate DNSSEC.

So please disable DNSSEC on your domain to continue. You should be able to do this with your domain name provider.

DNSSEC
DNSSEC (“Domain Name System Security Extensions”) is a standard protocol designed to address DNS security issues. Once signed, the security of this domain will be improved.

Your domain name is registered with Netim, but you use external nameservers.
To activate the DNSSEC protocol, you need to add “DS” (Delegated Signer) records.

Current DS records:
Flag Protocol Algorithm Public Key
No DS record

And like I said: our nameservers don’t support DNSSEC. So you will need to disable DNSSEC at your registrar for your domain to work correctly.

image362×117 3.64 KB

it is disabled

I just checked and it appears you were able to successfully obtain a certificate. So I guess it worked?

It worked after I deleted all settings from my provider and reinstalled the ns1.epizy.com nameservers

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

What am I doing wrong?
Netim.com is under maintainence. Is this the reason?

SSL certificate error: The provider encountered an error verifying the DNS settings of your domain name. Please double check your nameserver settings and try again later.

Error detail: DNS problem: looking up TXT for _acme-challenge.mathsnachhilfe.eu: DNSSEC: DNSKEY Missing: validation failure <_acme-challenge.mathsnachhilfe.eu. TXT IN>: No DNSKEY record from 198.251.86.152 for key mathsnachhilfe.eu. while building chain of trust

It looks like your domain is using DNSSEC, which isn’t supported. Please remove DNSSEC.

(Article for reference)

I merged your topics.

The same issue applies: DNSSEC is enabled on your domain so anyone who is checking for DNSSEC will be unable to access your domain name. SSL certificate providers always check for DNSSEC, so they will be unable to find the verification records.

Our nameservers don’t support DNSSEC, so we cannot fix this issue for you. Please disable DNSSEC on your domain name. If you’re not sure how to do this, or the setting you have does not appear to work, please contact your domain name provider.

Netim is making me CRAZY. I dont have any DNS-Settings.
Yesterday netim was down the whole day

my nameservers are entered correct.
Hope their support can clear this up!

Problem from netim has been solved!