Good day!
I’ve got a problem with TLS certificates generation in my account.
Link to our previous issue that was resolved: TLS certificate generation failed
However, I faced it again - I’ve added one more custom domain name and certificates are not generated. Even after a few retries.
Could somebody have a look at issue as soon as possible?
Thanks in advance!
Good afternoon,
After checking your site today, again, I noticed that everything appeared to generate correctly (since this initial post).
It was suggested by an engineer on our team that this may be due to the number of domains covered in the certificate, and that simplifying it using a wildcard could reduce this error.
The error in particular they referred me to was:
While processing CAA for xxx.yyy.zzz: DNS problem: SERVFAIL looking up CAA for yyy.zzz - the domain’s nameservers may be malfunctioning.
Here’s a thread referencing that SERVFAIL error message they saw: DNS problem Servfail - Help - Let's Encrypt Community Support
Hello Tristan, now it’s happening again, could you please have a look at my account?
We looked again and see the same error as noted previously. However, we aren’t noticing failures with other customers and our engineering team believes this is likely an issue with your DNS.
My previous suggestion to use a wildcard domain may have been inaccurate since I don’t believe we are able to generate the certificate with Let’s Encrypt as a wildcard on your behalf.
The next step I would take is to look into your DNS and see if there are any other related issues or failures. For reference, the error we’re seeing is:
While processing CAA for xxx.yyy.zzz: DNS problem: SERVFAIL looking up CAA for yyy.zzz - the domain’s nameservers may be malfunctioning.
hello Tristan,
it looks like there is simply limit of numbers of subdomains we could have and this is the reason.
Meanwhile we have another problem - new certificate can not be generated and error shows timeout…
COuld you please assist?
I am trying to regenerate these myself now to see if it becomes successful. I’ve already reached out to our dev console team as well to see if they can add more information about the failure.
We identified a bug with a recent package update that caused an exception and subsequent timeout trying to generate your certificates.
I’ve confirmed with the team this has been resolved and your certificates are now showing active for me.
Sorry for the trouble experienced by this!
