Welcome to The Hive
Domain http://www.colmena.biz ... no https yet. Still waiting out SERVFAIL issues with DNS.
Some old public key DS records were hanging around after we were moved to a different provider, and the zone file no longer had a valid DNSSEC signature because the corresponding private DSKEY files to go with the public key records were lost.
Certbot, understandably enough, validates DNSSEC very carefully before issuing TLS certificates.
Hopefully, DNSSEC is not so much required in this respect, as it is not always available, only that if it present, then it must validate.
Meanwhile please visit our blog Mushroom.Global.
Consult the User's Guide for information on using the wiki software.