So my problem is this: I have a root domain which is from 1&1 (Ionos) and that has its own SSL certificate. I also have another server running an application using Digital ocean which also needs an SSL cert. But because this server is a subdomain, certbot just spits this error out whenever I attempt to create a new cert.
sudo certbot --nginx -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx
Which names would you like to activate HTTPS for?
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter ‘c’ to cancel): 1 Requesting a certificate for chat.crypto******.com Performing the following challenges: http-01 challenge for chat.crypto******.com Waiting for verification… Challenge failed for domain chat.crypto******.com http-01 challenge for chat.crypto******.com
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems: Domain: chat.crypto******.com Type: dns Detail: DNS problem: SERVFAIL looking up CAA for cryptogmrprofiles.com - the domain’s nameservers may be malfunctioning
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Cleaning up challenges Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.