Problem with DNSSEC, active but not

SrPeter · 2019-01-24 15:20:53 UTC

Hello!
Well having a little problem here when Im trying to renew my certificate on https://srpeter.com/
I searched a bit and found out that I have DNSSEC on my domain, but I havent activated on my register or in cloudflare…
https://dnssec-analyzer.verisignlabs.com/srpeter.com

And I found out I have… to many IPs?

So, when launching the renew I get a “unauthorized” and “To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.”

Judge · 2019-01-25 01:51:33 UTC

DNSSEC being enabled on your DNS, but not at your registrar, won’t cause any issues.

Your problem is that Cloudflare currently can’t talk to your origin server due to an expired certificate, so when you try to renew with letsencrypt (or another ACME provider) it can’t access that file.

What you should do - at least temporarily - is go to CF dashboard -> domain -> Crypto and set SSL to “full” instead of full strict. This should make your website accessible so that the acme provider can verify your ownership and issue the certificate.

SrPeter · 2019-01-24 21:03:44 UTC

That was it!
Thanks a lot

system · 2019-02-23 21:04:06 UTC

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.