softhauz Posted December 29, 2024 Posted December 29, 2024 Good morning, as per HelioHost's current procedure, DNS records cannot be directly modified by users and need to have a support request based on this article, for "domains as well as user-supplied domains which are pointed to our nameservers (which are ns1.heliohost.org and ns2.heliohost.org)." My Goal: Obtain a basic Let's Encrypt certificate The message from Plesk is that there is no DNSKEY record from 64.62.211.133, when a basic certificate is attempted. Here are some information you might need: Domain - softhauz.tech (already pointing to ns1.heliohost.org and ns2.heliohost.org nameservers) Username - softhauz My email for any further sensitive information - softhauz@outlook.com I will respond usually ASAP or within 12 hours. Thank you! Quote
softhauz Posted December 29, 2024 Author Posted December 29, 2024 so far, so good. My goal is to have HTTPS protocol enabled for softhauz.tech. Quote
wolstech Posted December 29, 2024 Posted December 29, 2024 It looks like propagation hasn't finished (it can take several hours, up to 48 in worst case). A few places have old NS records for bluehost. Many servers return nothing at all. https://www.whatsmydns.net/#NS/softhauz.tech Our system does not support DNSSEC. Lets Encrypt should not be requiring DNSKEY records for domains hosted here. The invalid records show this: host: softhauz.tech class: IN ttl: 98 type: NS target: ns2.bluehost.com host: softhauz.tech class: IN ttl: 98 type: A ip: 66.81.203.198 host: softhauz.tech class: IN ttl: 98 type: NS target: ns1.bluehost.com Quote
softhauz Posted January 8 Author Posted January 8 Hello, I tried to re-attempt the SSL/TLS certificate for softhauz.tech, but it's still not being issued. Here's the error message: Here's my current settings on nameservers for my domain host (BLUE HOST): And here's my settings for HELIOHOST (Tommy): The redirect from HTTP to HTTPS is disabled. Please advise, thank you. Quote
wolstech Posted January 8 Posted January 8 Something is trying to enforce DNSSEC still. Our system does not support DNSSEC, so it will never succeed until whatever is enforcing that is turned off. It is hitting the right server now though (the 65.19.143.3 is our NS1). Is there an option at your registrar by chance for DNSSEC? If so, you'll need to turn that off. EDIT: This looks like a registrar or DNS issue on their side. This domain still hasn't propagated properly after a week: https://www.whatsmydns.net/#NS/softhauz.tech Quote
softhauz Posted January 9 Author Posted January 9 (edited) Thank you, I will look into the DNSSEC for softhauz.tech. Edited January 9 by softhauz Quote
wolstech Posted January 9 Posted January 9 It looks like something has changed between my last post and now, as the certificate just issued successfully and the DNS issues don't appear to exist anymore in the above link. Webmail didn't get a certificate, but that looks like it may be temporary and related to server performance (roundcube isn't working either at the moment). The server should just retry that on its own. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.