Check this out for all details you need… hopefully.
“sudo letsencrypt renew” returned following. Since ssl is valid only for week now, and couldn’t find any step-2-step guide for this issue, I’ve created new thread.
System is running on raspberry pi 3B+ & raspbian, kernel version 4.19.66-v7. Only use this for hosting owncloud server.
Since I’ve got my domain via my router’s configuration page, I have no information nor knowledge to DNS I’m using. (Picture is showing another domain I can’t get certificate from, but you get the point.)
There is no CAA record for koishinorouter.ipdisk.co.kr, so Let’s Encrypt looks at the hostname with a DNS field less: ipdisk.co.kr. That hostname does have a CAA record:
ipdisk.co.kr. 38400 IN CAA 0 issue ";"
ipdisk.co.kr. 38400 IN CAA 0 issuewild ";"
This prevents the issuance of any certificate authority.
You can restart issuing certificates again by generating your own CAA record and put it at koishinorouter.ipdisk.co.kr. See for example https://sslmate.com/caa/ to generate a CAA record.
Thanks for reply! But this brings few new question to me that google couldn’t answer (Sorry for lack of knowledge!):
How I ‘put’ CAA in domain?
Why letsencrypt didn’t have this problem when I first issued certificate for this exact domain? That was just 3 months ago, long after CAA bug in letsencrypt.
The only option iptime providing for DDNS is name field, no CAA fields at all. In this case I can’t renew certificate at all?
So creating new certificate works without CAA, but not renewing it… Sounds weird to me. Could this mean I can just wait until certs expires and create new certification for same domain?