Question

CAA record for dev.testapp.com prevents issuance

Posted November 20, 2019 777 views
Let's Encrypt

Hi I’m hitting this error from this command. Please let me know what is missing?

$ sudo certbot --nginx -d www.dev.testapp.com -d dev.testapp.com
[sudo] password for testapp: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dev.testapp.com
http-01 challenge for www.dev.testapp.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. dev.testapp.com (http-01): urn:ietf:params:acme:error:caa :: CAA record for dev.testapp.com prevents issuance, www.dev.testapp.com (http-01): urn:ietf:params:acme:error:caa :: CAA record for www.dev.testapp.com prevents issuance

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: dev.testapp.com
   Type:   None
   Detail: CAA record for dev.testapp.com prevents issuance

   Domain: www.dev.testapp.com
   Type:   None
   Detail: CAA record for www.dev.testapp.com prevents issuance

thanks

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

I had a typo in CAA record creation and that is I used letsencrypt.com instead of letsencrypt.org. Once I modified this I was able to run command successfully

Log file is showing this

snippet
"identifier": {
    "type": "dns",
    "value": "dev.testapp.com"
  },
  "status": "invalid",
  "expires": "2019-11-27T03:05:23Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:caa",
        "detail": "CAA record for dev.testapp.com prevents issuance",
        "status": 403
      },

Submit an Answer