CAA record for dev.testapp.com prevents issuance

November 20, 2019
Let's Encrypt

Hi, I’m hitting this error from this command. Please let me know what is missing.

$ sudo certbot --nginx -d www.dev.testapp.com -d dev.testapp.com
[sudo] password for testapp: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dev.testapp.com
http-01 challenge for www.dev.testapp.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. dev.testapp.com (http-01): urn:ietf:params:acme:error:caa :: CAA record for dev.testapp.com prevents issuance, www.dev.testapp.com (http-01): urn:ietf:params:acme:error:caa :: CAA record for www.dev.testapp.com prevents issuance

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: dev.testapp.com
   Type:   None
   Detail: CAA record for dev.testapp.com prevents issuance

   Domain: www.dev.testapp.com
   Type:   None
   Detail: CAA record for www.dev.testapp.com prevents issuance

thanks

2 Answers

I had a typo in the CAA record creation: I used letsencrypt.com instead of letsencrypt.org. Once I modified this, I was able to run the command successfully.

Log file is showing this

snippet
"identifier": {
    "type": "dns",
    "value": "dev.testapp.com"
  },
  "status": "invalid",
  "expires": "2019-11-27T03:05:23Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:caa",
        "detail": "CAA record for dev.testapp.com prevents issuance",
        "status": 403
      },
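
Why one mistyped CAA value blocks both names in the certbot output: an added example, not code from either poster or from Let's Encrypt, that evaluates CAA the way RFC 8659 describes (climb from the requested name towards the root, use the first non-empty CAA RRset, then look for the CA's issuer domain name among the `issue` values). It assumes the record sits at dev.testapp.com, that no CNAMEs are involved, and that only non-wildcard names are requested; the zone data and function names are constructed for illustration.

```python
# Added example: RFC 8659 CAA evaluation over a constructed zone (no DNS lookups).
CA_IDENTIFIER = "letsencrypt.org"  # issuer domain name Let's Encrypt looks for


def relevant_caa(zone, fqdn):
    """Climb from fqdn towards the root; return (owner, rrset) for the first
    non-empty CAA RRset, or (None, []) if no ancestor publishes one."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        rrset = zone.get(owner, [])
        if rrset:
            return owner, rrset
    return None, []


def issuer_of(value):
    """Issuer domain name from an issue value, dropping ';'-separated parameters."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(zone, fqdn, ca=CA_IDENTIFIER):
    """Return (allowed, reason) for a non-wildcard certificate request."""
    owner, rrset = relevant_caa(zone, fqdn)
    if owner is None:
        return True, "no CAA RRset found; issuance unrestricted"
    issuers = [issuer_of(v) for _flags, tag, v in rrset if tag.lower() == "issue"]
    if not issuers:
        return True, f"CAA at {owner} has no issue property"
    if ca in issuers:
        return True, f"CAA at {owner} authorizes {ca}"
    return False, f"CAA at {owner} lists {issuers}, not {ca}"


# Constructed zones: (flags, tag, value) tuples keyed by owner name.
# Placing the record at dev.testapp.com is an assumption; the page does not say.
TYPO_ZONE = {"dev.testapp.com": [(0, "issue", "letsencrypt.com")]}
FIXED_ZONE = {"dev.testapp.com": [(0, "issue", "letsencrypt.org")]}

if __name__ == "__main__":
    for label, zone in (("typo", TYPO_ZONE), ("fixed", FIXED_ZONE)):
        for name in ("dev.testapp.com", "www.dev.testapp.com"):
            print(label, name, *may_issue(zone, name))
```

www.dev.testapp.com has no CAA RRset of its own here, so it inherits the one at dev.testapp.com, which is why both names fail together and both succeed after the single record is corrected. The published records can be inspected with `dig dev.testapp.com CAA`.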
