Open HerroBert opened 2 years ago
DNS problem: SERVFAIL looking up CAA
The DNS Server is not responding correctly to requests for the CAA record. The DNS server can say "I dont have one" or "Here it is" but it cannot respond SERVFAIL
Often this has to do with incorrect DNSSEC. This tool helps identify such problems: https://dnsviz.net/
Other DNS configuration problems can cause this. You might want to try posting on the Let's Encrypt community forum https://community.letsencrypt.org/ They will need to know your actual domain name for good advice on DNS problems especially.
There is no dsnsec for that domain.
Did dnsviz point to any other problems?
unboundtest.com mimics what Let's Encrypt servers do to get DNS records (CAA, TXT, ...). It requires DNS experience to understand but perhaps this can help you debug the problem yourself if you are unwilling to share your domain name.
I am not expert at DNS so these commonly used tools are the best I can offer.
I know DNS very well. I tried again and that worked. But this error message is still there: curl: (3) URL using bad/illegal format or missing URL
I am sure Tim will respond at some point.
Do you get any helpful info using -d
(debug) on the command line? I could only guess it is related to the wildcard request and I don't use one with getssl to try it.
I checked with another domain and saw, that del-script is causing this problem: removing DNS RR via command: /home/user/.getssl/dns_del_ionos example.de NH_2Dnh...g180w6zKHg curl: (3) URL using bad/illegal format or missing URL
Should not be too difficult to find the underlying reason. That ionos script is really small: https://github.com/srvrco/getssl/blob/master/dns_scripts/dns_del_ionos Their docs: https://developer.hosting.ionos.com/docs/dns
Another acme client, acme.sh, has a lot of DNS API plug-ins. Maybe compare theirs to this one for clues? https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_ionos.sh
Sorry if this is rudimentary or not helpful. Just ideas in hopes of helping.
I think the record curl call is faulty.
I got a jq error:
jq: error (at
There is no part called records in that curl output. So _RECORDID does not get any number.
edit: and btw this script is not capable of customer accounts with multiple domains.
Describe the bug dns script dns_add_ionos show errors:
To Reproduce Steps to reproduce the behavior:
Expected behavior No error and completed cert creation
Operating system (please complete the following information):
Additional context First try with IONOS-API. Do I really have put api-key into dns-script? That is strange.