CAA Bind Problem

Every time Virtualmin uses certbot to generate a cert it adds this to the zone:
@ IN CAA 0 issuewild letsencrypt.org
This stops bind from being authoritative on the zone and I lose the domain until I remove this line and restart bind.
Using Bind9 which so far as I know is up to date and should work with CAA records, but this record does not look right to me. So far as I can see in the system I am not requesting a wildcard cert.

1 Like

Could you post your precise version of BIND? It’s possible that the latest version in your distro’s repositories still only supports the TYPE257 syntax.

Your issue sounds a lot like this bug report: https://www.virtualmin.com/node/69166

If you can locate the exact lines in the BIND log which list the cause of the zone not being loaded (as in the bug report), that could help too.

1 Like

Hi. That would be the issue with the same version of bind.

I used this to force an update for bind since it was not giving an update option.
https://linuxconfig.org/how-to-upgrade-debian-8-jessie-to-debian-9-stretch

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.