CAA record for prevents issuance

Hello there,
I have been trying to reissue https certificate from for domain But at 4 step verify Ownership whent hit button submit challenge for I am getting an error " Error: Domain challenge failed. Please start back at Step 1. {“identifier”:{“type”:“dns”,“value”:“”},“status”:“invalid”,“expires”:“2019-09-25T04:57:49Z”,“challenges”:[{“type”:“http-01”,“status”:“invalid”,“error”:{“type”:“urn:ietf:params:acme:error:caa”,“detail”:“CAA record for prevents issuance”,“status”:403},“url”:“",“token”:“yBlU7-cf1eXfQariunczxHk4HYchWVTSFAzEWW12xIw”,“validationRecord”:[{“url”:“”,“hostname”:“”,“port”:“80”,“addressesResolved”:[“”],“addressUsed”:“”}]},{“type”:“dns-01”,“status”:“invalid”,“url”:“”,“token”:“yBlU7-cf1eXfQariunczxHk4HYchWVTSFAzEWW12xIw”},{“type”:“tls-alpn-01”,“status”:“invalid”,“url”:“”,“token”:"yBlU7-cf1eXfQariunczxHk4HYchWVTSFAzEWW12xIw”}]} "

Note: this time I was regenerating certificate because my previous certificate is expired.

The domain has a CAA record that bans all CAs from issuing certificates for it.

$ dig +noall +answer caa         1796    IN      CAA     0 issue ";"

Contact the domain admin to discuss it. The record either needs to be removed or one has to be added with a value of


If you don’t manage the DNS for this domain, I think you would need to contact the IT department of “eCommittee, Supreme Court of India” and ask them about it.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.