Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: talksports.page
I ran this command: certbot renew --dry-run
It produced this output: Detail:
Attempting to renew cert (talksports.page) from /etc/letsencrypt/renewal/talksports.page.conf produced an unexpected error: FAiled authorization procedure. talksports.page (http-01): urn:ietf:params:acme:error:caa :: CAA record for talksports.page prevents issuance. Skipping.
CAA record for talksports.page prevents issuance
or sometimes it says:
DNS Problem: SERVFAIL looking up CAA for talksports.page - the domain’s nameservers may be malfunctioning
My web server is (include version): Apache 2.4.41
The operating system my web server runs on is (include version): Ubuntu Server 18.04
My hosting provider, if applicable, is: digital ocean
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0
As additional information, some cites report me as having no CAA set, others like ssllabs make it look like everything is correct.
On digital ocean, my settings look like:
|CAA|talksports.page
authorization: letsencrypt.org
issue|60|
I can’t even begin to list the number of sites I have looked at to get ideas but nothing is working.
