CAA record for prevents issuance

Hello there,
I have been trying to reissue https certificate from gethttpsforfree.com for domain justis.ecourts.gov.in. But at 4 step verify Ownership whent hit button submit challenge for justis.ecourts.gov.in I am getting an error " Error: Domain challenge failed. Please start back at Step 1. {“identifier”:{“type”:“dns”,“value”:“justis.ecourts.gov.in”},“status”:“invalid”,“expires”:“2019-09-25T04:57:49Z”,“challenges”:[{“type”:“http-01”,“status”:“invalid”,“error”:{“type”:“urn:ietf:params:acme:error:caa”,“detail”:“CAA record for justis.ecourts.gov.in prevents issuance”,“status”:403},“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/392204106/z9iv0Q",“token”:“yBlU7-cf1eXfQariunczxHk4HYchWVTSFAzEWW12xIw”,“validationRecord”:[{“url”:“http://justis.ecourts.gov.in/.well-known/acme-challenge/yBlU7-cf1eXfQariunczxHk4HYchWVTSFAzEWW12xIw”,“hostname”:“justis.ecourts.gov.in”,“port”:“80”,“addressesResolved”:[“164.100.79.152”],“addressUsed”:“164.100.79.152”}]},{“type”:“dns-01”,“status”:“invalid”,“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/392204106/9AX_6A”,“token”:“yBlU7-cf1eXfQariunczxHk4HYchWVTSFAzEWW12xIw”},{“type”:“tls-alpn-01”,“status”:“invalid”,“url”:“https://acme-v02.api.letsencrypt.org/acme/chall-v3/392204106/HZ_qvQ”,“token”:"yBlU7-cf1eXfQariunczxHk4HYchWVTSFAzEWW12xIw”}]} "

Note: this time I was regenerating certificate because my previous certificate is expired.

The domain has a CAA record that bans all CAs from issuing certificates for it.

$ dig +noall +answer ecourts.gov.in caa
ecourts.gov.in.         1796    IN      CAA     0 issue ";"

Contact the domain admin to discuss it. The record either needs to be removed or one has to be added with a value of letsencrypt.org.

If you don’t manage the DNS for this domain, I think you would need to contact the IT department of “eCommittee, Supreme Court of India” and ask them about it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.