Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
how to enable HTTP/2 after installing SSL via letsencrypt in command line Question Question
Webmin - Lets' encrypt SSL_ERROR_RX_RECORD_TOO_LONG (Firefox) Question Question

Question

CAA record for dev.testapp.com prevents issuance

Posted November 20, 2019 3.3k views
Let's Encrypt

Hi I’m hitting this error from this command. Please let me know what is missing?

$ sudo certbot --nginx -d www.dev.testapp.com -d dev.testapp.com
[sudo] password for testapp: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dev.testapp.com
http-01 challenge for www.dev.testapp.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. dev.testapp.com (http-01): urn:ietf:params:acme:error:caa :: CAA record for dev.testapp.com prevents issuance, www.dev.testapp.com (http-01): urn:ietf:params:acme:error:caa :: CAA record for www.dev.testapp.com prevents issuance

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: dev.testapp.com
   Type:   None
   Detail: CAA record for dev.testapp.com prevents issuance

   Domain: www.dev.testapp.com
   Type:   None
   Detail: CAA record for www.dev.testapp.com prevents issuance

thanks

Add a comment
By:
bengaltiger

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
how to enable HTTP/2 after installing SSL via letsencrypt in command line Question Question
Webmin - Lets' encrypt SSL_ERROR_RX_RECORD_TOO_LONG (Firefox) Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
bengaltiger November 20, 2019

I had a typo in CAA record creation and that is I used letsencrypt.com instead of letsencrypt.org. Once I modified this I was able to run command successfully

Reply Report
bengaltiger November 20, 2019

Log file is showing this 

snippet
"identifier": {
    "type": "dns",
    "value": "dev.testapp.com"
  },
  "status": "invalid",
  "expires": "2019-11-27T03:05:23Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:caa",
        "detail": "CAA record for dev.testapp.com prevents issuance",
        "status": 403
      },
Reply Report

Related

Looking for something else?

Ask a new question Search for more help