If the error message doesn’t say, there isn’t a convenient way to know. Check that your ACME client is displaying the full error message. Its logs may contain more information.
In any case, i tried a quick for loop, and the only problematic name seems to be
www.axwaywebinars.com. But i didn’t check parent domains, so i could have missed something.
$ dig www.axwaywebinars.com caa
; <<>> DiG 9.10.3-P4-Ubuntu <<>> www.axwaywebinars.com caa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31677
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.axwaywebinars.com. IN CAA
;; ANSWER SECTION:
axwaywebinars.com. 86296 IN DNAME axway.com.
www.axwaywebinars.com. 86296 IN CNAME www.axway.com.
www.axway.com. 3496 IN CNAME axway.com.
;; AUTHORITY SECTION:
axway.com. 793 IN SOA ns1.axway.net. hostmaster.axway.com. 608 900 900 3600 900
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Thu Sep 21 15:44:56 UTC 2017
;; MSG SIZE rcvd: 171
You ought to be able to solve this by adding a quick (though redundant) record, “
www.axwaywebinars.com. CNAME www.axway.com.”. Or by entirely ceasing to use
DNAME. It’s pretty obscure, but that would be less convenient.