certbot, the following message appears:
query timed out looking up CAA for mydomain.com
It appears that boulder is trying to query my DNS with a CAA record.
However, my ISP’s DNS does not support CAA, and the following command times out:
$ dig mydomain.com @ns1.my-isp.com CAA ... ;; connection timed out; no servers could be reached
$ dig mydomain.com @ns1.my-isp.com TYPE259 ... ;; connection timed out; no servers could be reached
(Just to be clear: It does not return an empty answer or no answer. dig times out waiting for an answer.)
A regular (
CNAME…) query on the same DNS runs correctly:
$ dig mydomain.com @ns1.my-isp.com A (runs OK!)
I have contacted my ISP, and they have no means to fix this problem in the foreseeable future.
Because of some business related reasons, moving to a different hosting provider or switching DNS servers is currently impossible.
Can I still use letsencrypt?