Starting from ~13 hours ago we can't issue certificates agains LE staging. We get the following error from cert-manager:
Error accepting authorization: acme: authorization error for some.domain:
400 urn:ietf:params:acme:error:dns: DNS problem: NXDOMAIN looking up CAA for
some.domain - check that a DNS record exists
for this domain'
We never had CAA record and AFAIK it's optional.
Can you assist?
I wonder if something went wrong with this change, which was deployed to staging a bit less than a day ago. I think it will probably get rolled back or fixed soon!
I tried to reproduce the issue myself but couldn't.
There were changes made to staging on ~2023-05-23T18:00:00Z that do involve serverside DNS changes, so chances are that something is currently wrong with staging. Production is currently running an older build.
We have merged the fix that Osiris linked above, and tagged a hotfix release which includes that fix. It should go to Staging soonish, and the current version which is exhibiting this broken behavior in Staging will not go to Prod.