CAA failed after ubuntu upgrade

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.illuminosi.com

I ran this command:
certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.

1: www.illuminosi.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for www.illuminosi.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: www.illuminosi.com
Type: dns
Detail: During secondary validation: While processing CAA for www.illuminosi.com: DNS problem: looking up CAA for www.illuminosi.com: DNSSEC: Bogus: validation failure <www.illuminosi.com. CAA IN>: nodata proof failed from 162.159.26.217

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
apache 2.4.58

The operating system my web server runs on is (include version):
Ubuntu 24.04.3 LTS

My hosting provider, if applicable, is:
self

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
2.9.0

This all worked perfectly for my server was running ubuntu 20.4 LTS. I recently upgraded to 24.04, and certbot began giving problems, so I did an install of certbot (it did not recognize the previous version)

This is trying to explain the problem: Your domain's DNSSEC is extremely broken. This isn't directly related to CAA, nor related to the OS on your server. It's your DNS provider (which looks to be Network Solutions) not knowing how to run a DNS server. You'll see several posts if you search for Network Solutions on the forum, that they just give horribly broken DNSSEC responses, which means that your domain doesn't work (for getting a certificate or otherwise), and they just don't seem to know or care.

Your options are probably:

1. Stick with Network Solutions, and either just remove DNSSEC or try to convince them to give valid DNSSEC responses.
2. Change your DNS service provider to a more competent organization.

That was it- thank you so much. I had forgotten that I'd made those tweaks to my DNS a while ago. Looks like I need to upgrade my DNS service provider.