Browse by Category

360 Monitoring
0
AccelerateWP
12
Account & Billing
86
Backups
24
Cloudflare FAQs
19
CodeGuard Backup
0
cPanel
120
cPanel Databases
10
cPanel File Manager
35
cPanel Git
0
cPanel Resellers
11
Domain & DNS
111
Drupal
1
Email Hosting
85
FAQs
5
Joomla
2
Koality
0
Linux Administration
104
Plesk
92
Reseller Hosting
40
SEO Optimization
1
Sitejet
0
SiteLock
11
SitePad
1
Softaculous
45
SolusVM
0
Spam Experts
20
SSL/TLS
1
Web Apps
1
Web Hosting Addons
3
Website Security
60
Webuzo
0
Weebly Builder
6
WHMCS
35
WordPress
87
WP Squared
26
XOVI SEO
5

  Browse by Category

  Idea Storm

wordpress beginner wordpress tutorial wordpress guide wordpress hosting wp squared web hosting wp plugin phpMyAdmin cpanel hosting dns file manager backups terminal cli domain forwarding cloudflare User Management Permissions cPanel Web Hosting Security cPanel UAPI Server Migration Apache Directives Apache Migration htaccess PHP End of Life PHP CGIEmail Web Scripting Security Vulnerabilities Scripting Languages cPanel Email Management Web Hosting Management Email Quotas cPanel Interface Account Management cPanel Login cPanel Security Two-Factor Authentication Login Issues Cloudflare Configuration Troubleshooting Tips Domain Forwarder Email Forwarding File Management cPanel File Manager File Deletion Custom Error Pages cPanel Error Pages HTTP Status Codes Git Version Control Command Line (CLI) cPanel Metrics Awstats Resource Utilization Webalizer Website Statistics Email Configuration Email Ports cPanel Email Accounts cPanel Subdirectory Web Hosting Manager cPanel Webmail Mod_Pagespeed FTP Accounts Website Management File Sharing Team Collaboration Security SSH cPanel Backup IP Blocking Website Security Website Protection Email Security Multi-Factor Authentication cPanel Language SPF DKIM DMARC Email Deliverability cPanel Email Forwarding SFTP cPanel Team User User Roles cPanel Permissions DNSSEC DNS Security Domain Alias Addon Domains cPanel File Management Subdomains Alias Domains Email Autoresponders Mailing Lists Image Optimization Website Performance Image Editing Troubleshooting Browser Cache cPanel Terminal Command-Line Interface Data Security Download Files File Compression Website Migration DNS Management Website File Editing Text Editors ModPagespeed Website Optimization Domain Alias Redirection Website Traffic Management Domain Redirection SSL/TLS Certificate Installation AutoSSL Troubleshooting HTTPS Encryption cPanel SSL/TLS Status Secure Website Traffic File Extraction File Upload SSL/HTTPS Performance Optimization SSL/HTTPS Redirection Domain Hosting DNS Configuration Domain Security cPanel Zone Editor cPanel Username cPanel Password cPanel Access WebHostingM Support WHM Access Reseller Control Panel Web Host Manager Reseller Hosting Webmail Login Email Management Webmail Access cPanel Login Accessing cPanel cPanel Sub-Accounts Access Control SSH Login Security Enhancement CDN Integration WordPress Optimization API Key Management Payment Billing Promotional Credits Coupons Hosting Orders Verification Auto-Renewals Late Fees Bandwidth GST WebSpace SEPA PayPal Cancellation Suspension Email Address Password Reset Refunds Money-Back Guarantee Domain Transfer Domain Renewals Upgrade Paystack Hosting Support Language VAT Taxes Discounts Credit Card ACH Invoices Hosting Trial AccelerateWP WordPress XML-RPC FTP/SFTP REST API WordPress Toolkit Softaculous PHP X-Ray WordPress Plugins Databases Wo Plesk mod_lsapi CloudLinux Google Workspace mod_security nginx Imunify360 Joomla Drupal CodeGuard Jetbackup Roundcube BoxTrapper Horde Domain Management WHM Domain Registration Domain Suspension PowerDNS rDNS CNAME BIND MySQL Inodes WordPress Migration MTA-STS 2FA Dedicated IP Support Ticket SitePad Website Builder 301 Redirect Naked Domain Redirect WHMCS Cron WHMCS License WHMCS Security WHMCS Automation WHMCS Migration SEO XOVI Now Weebly Website Builder SpamExperts SiteLock ModSecurity Fail2Ban phpinfo SpamAssassin atop Plesk PHP settings Migration Firewall PHP Configuration Plesk File Manager Plesk FTP AlegroCart Backup Restoration Scheduled Backup Hostname Postfix SMTP CageFS OpCache EasyApache 4 WebHostingM Name Servers Contact Information Management Search Engine Indexing Email Issues catch-all-address Quota Plesk Security error-troubleshooting

  Support

Your Support Tickets
News & Announcements
Knowledgebase
Downloads
Network Status
New Ticket

How To Troubleshoot AutoSSL SERVFAIL and Nameserver DNS Issues Make it Rain Paper

  • DNS Management, DNS Configuration, AutoSSL Troubleshooting
  • 0

Pre-requirements

  • Access to SSH or terminal for executing commands.
  • Understanding of DNS records (NS, CAA, A) and server roles.

Overview of the Problem

When using the AutoSSL feature in cPanel to issue or renew SSL certificates, you may encounter DNS query errors in the AutoSSL log, such as:


WARN DNS query error (uptimestatus.page/CAA): SERVFAIL (2)

These errors typically indicate that AutoSSL cannot access the authoritative nameservers for your domain, preventing it from validating DNS CAA records required for SSL certificate issuance.

What Causes These DNS Query Errors?

  • Nameservers are down or not responding.
  • UDP port 53 is blocked or inaccessible.
  • The server is behind NAT and misconfigured.
  • A mismatch between registrar nameservers and NS records.
  • Local DNS resolvers are unresponsive or misconfigured.

Step 1: Understanding Tools for DNS Troubleshooting

1. WHOIS

The whois command retrieves domain registration details, including the nameservers configured at the domain registrar.

whois example.com | grep Name

2. DIG

The dig command is a DNS lookup utility used to query nameservers for specific DNS records. It's useful for checking if DNS records are configured correctly.

dig example.com +short NS

3. NSLOOKUP

nslookup is another DNS lookup tool used to query DNS records from a specific nameserver.

nslookup example.com ns1.example.com

Step 2: Check Registered Nameservers

First, retrieve the registered nameservers using WHOIS:

whois uptimestatus.page | grep Name

This will return a list of nameservers:


Name Server: ns1.mydnsnode.com
Name Server: ns2.mydnsnode.com
Name Server: ns3.mydnsnode.com
Name Server: ns4.mydnsnode.com

Step 3: Verify NS Records

Now, use DIG to check if the nameservers match the registrar's information:

dig uptimestatus.page +short NS

If the output matches the WHOIS data, you can proceed to query the individual nameservers:

dig ns1.mydnsnode.com

This should return the IP address of the nameserver:

ns1.mydnsnode.com. IN A 34.102.101.169

Step 4: Query Nameservers Directly

To check if the nameserver responds correctly, query it directly:

dig uptimestatus.page @34.102.101.169

Ensure that you get a valid response for the A record:


uptimestatus.page. IN A 35.158.144.28

Step 5: Use +trace to Check DNS Propagation

If the above steps do not resolve the issue, use DIG with the +trace option to perform a recursive DNS lookup starting at the root nameservers:

dig +trace uptimestatus.page

This will show each step of the lookup, helping identify where the failure occurs.

Step 6: Use cPanel's Built-in DNS Debugging Tool

If you are on a cPanel server and have root access, use the following command to diagnose AutoSSL issues:

/scripts/cpdig uptimestatus.page A --verbose

This will provide detailed DNS lookup results and help identify misconfigurations.

To adjust the domain's DNS including the nameservers that delegate a DNS zone to use the specified authoritative name server, visit DNS Functions >> DNS Zone Manager.

 

Common Issues and Solutions

1. Nameserver Unresponsive

If querying the nameserver times out, the nameserver may be down or misconfigured. Ensure the server is running and that UDP port 53 is open for DNS traffic.

2. Mismatch Between Registrar and NS Records

If the nameservers listed at the registrar do not match the domain's actual NS records, update the NS records to match or update the registrar's nameserver settings.

3. DNS Propagation Issues

If you've recently made changes to DNS settings, wait for the TTL to expire and ensure the changes have propagated fully.

4. SSL Certificate Issues

If AutoSSL fails due to SSL issues, verify that your SSL certificate is valid, correctly chained, and not expired.

Gotchas to Avoid

  • Ensure UDP port 53 is open and accessible.
  • Avoid mismatches between the registrar's nameservers and the actual NS records.
  • Make sure DNS propagation has been completed before troubleshooting DNS issues.
  • Use a secure, recursive DNS server for AutoSSL validation.

By following these troubleshooting steps, you can resolve most DNS-related AutoSSL issues. Understanding how to use tools like WHOIS, DIG, and NSLOOKUP will help you quickly diagnose and fix issues with DNS queries and nameserver configurations. If you continue to run into the same issue, please contact our technical support team.

Did this answer help?

Related Articles

How To Create New Users Or Add Team Users to Your WebHostingM cPanel Learn how to create and manage new users in cPanel using the Manage Team feature.  This... Changes To Keep in Mind When cPanel Migrating from Apache 2.2 to Apache 2.4 Learn how to migrate your application running on an old Apache 2.2 server to a newer Apache 2.4+... Can I Host A Website with Old PHP Versions with WebHostingM? Learn how to migrate PHP applications to a hosting platform supporting PHP versions 7.4 to 8.3.... Can I Use the CGIEmail Script on WebHostingM? Discover why using the CGIEmail script on WebHostingM is not recommended. Learn about the... How To Manage Email Account Quotas in cPanel Learn how to set a quota for email accounts in cPanel to manage mailbox storage effectively....
« Back

  Idea Storm

wordpress beginner wordpress tutorial wordpress guide wordpress hosting wp squared web hosting wp plugin phpMyAdmin cpanel hosting dns file manager backups terminal cli domain forwarding cloudflare User Management Permissions cPanel Web Hosting Security cPanel UAPI Server Migration Apache Directives Apache Migration htaccess PHP End of Life PHP CGIEmail Web Scripting Security Vulnerabilities Scripting Languages cPanel Email Management Web Hosting Management Email Quotas cPanel Interface Account Management cPanel Login cPanel Security Two-Factor Authentication Login Issues Cloudflare Configuration Troubleshooting Tips Domain Forwarder Email Forwarding File Management cPanel File Manager File Deletion Custom Error Pages cPanel Error Pages HTTP Status Codes Git Version Control Command Line (CLI) cPanel Metrics Awstats Resource Utilization Webalizer Website Statistics Email Configuration Email Ports cPanel Email Accounts cPanel Subdirectory Web Hosting Manager cPanel Webmail Mod_Pagespeed FTP Accounts Website Management File Sharing Team Collaboration Security SSH cPanel Backup IP Blocking Website Security Website Protection Email Security Multi-Factor Authentication cPanel Language SPF DKIM DMARC Email Deliverability cPanel Email Forwarding SFTP cPanel Team User User Roles cPanel Permissions DNSSEC DNS Security Domain Alias Addon Domains cPanel File Management Subdomains Alias Domains Email Autoresponders Mailing Lists Image Optimization Website Performance Image Editing Troubleshooting Browser Cache cPanel Terminal Command-Line Interface Data Security Download Files File Compression Website Migration DNS Management Website File Editing Text Editors ModPagespeed Website Optimization Domain Alias Redirection Website Traffic Management Domain Redirection SSL/TLS Certificate Installation AutoSSL Troubleshooting HTTPS Encryption cPanel SSL/TLS Status Secure Website Traffic File Extraction File Upload SSL/HTTPS Performance Optimization SSL/HTTPS Redirection Domain Hosting DNS Configuration Domain Security cPanel Zone Editor cPanel Username cPanel Password cPanel Access WebHostingM Support WHM Access Reseller Control Panel Web Host Manager Reseller Hosting Webmail Login Email Management Webmail Access cPanel Login Accessing cPanel cPanel Sub-Accounts Access Control SSH Login Security Enhancement CDN Integration WordPress Optimization API Key Management Payment Billing Promotional Credits Coupons Hosting Orders Verification Auto-Renewals Late Fees Bandwidth GST WebSpace SEPA PayPal Cancellation Suspension Email Address Password Reset Refunds Money-Back Guarantee Domain Transfer Domain Renewals Upgrade Paystack Hosting Support Language VAT Taxes Discounts Credit Card ACH Invoices Hosting Trial AccelerateWP WordPress XML-RPC FTP/SFTP REST API WordPress Toolkit Softaculous PHP X-Ray WordPress Plugins Databases Wo Plesk mod_lsapi CloudLinux Google Workspace mod_security nginx Imunify360 Joomla Drupal CodeGuard Jetbackup Roundcube BoxTrapper Horde Domain Management WHM Domain Registration Domain Suspension PowerDNS rDNS CNAME BIND MySQL Inodes WordPress Migration MTA-STS 2FA Dedicated IP Support Ticket SitePad Website Builder 301 Redirect Naked Domain Redirect WHMCS Cron WHMCS License WHMCS Security WHMCS Automation WHMCS Migration SEO XOVI Now Weebly Website Builder SpamExperts SiteLock ModSecurity Fail2Ban phpinfo SpamAssassin atop Plesk PHP settings Migration Firewall PHP Configuration Plesk File Manager Plesk FTP AlegroCart Backup Restoration Scheduled Backup Hostname Postfix SMTP CageFS OpCache EasyApache 4 WebHostingM Name Servers Contact Information Management Search Engine Indexing Email Issues catch-all-address Quota Plesk Security error-troubleshooting

  Support

Your Support Tickets
News & Announcements
Knowledgebase
Downloads
Network Status
New Ticket