CAA record prevents issuance

martinmi · June 19, 2020, 9:29am

Hello,
i have been trying to crate a https certificate with win-acme on a Azure VM (Windows Server 2019 Datacenter).

Error:

[INFO] Authorize identifier: dizrupt-iot.westeurope.cloudapp.azure.com
[INFO] Authorizing dizrupt-iot.westeurope.cloudapp.azure.com using http-01 validation (SelfHosting)
[EROR] {
“type”: “urn:ietf:params:acme:error:caa”,
“detail”: “CAA record for dizrupt-iot.westeurope.cloudapp.azure.com prevents issuance”,
“status”: 403
}
[EROR] Authorization result: invalid
[EROR] Create certificate failed: Authorization failed

Thank you for hour help!

JuergenAuer · June 19, 2020, 9:37am

that's

Domainname	flag	Name	Value	∑ Queries
dizrupt-iot.westeurope.cloudapp.azure.com	0		no CAA entry found	1
westeurope.cloudapp.azure.com	0		no CAA entry found	1
cloudapp.azure.com	0		no CAA entry found	1
azure.com	5	issue	digicert.com	1
	5	issue	entrust.com	1
	5	issue	globalsign.com	1
com	0		no CAA entry found	1

And see

same problem, started yesterday.

Looks like Microsoft has changed the CAA entries, so now it's impossible to create Letsencrypt certificates with that azore.com subdomain.

system · July 19, 2020, 9:37am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
All azure.com - subdomains are blocked creating Letsencrypt-certificates - Urn:ietf:params:acme:error.caa. Upd 15:30 Microsoft has removed all CAA Help	16	3627	August 8, 2020
Error while creating certificate with win-acme: "CAA record for <site> prevents issuance" Help	2	878	August 13, 2020
CAA behaviour changed? Help	23	5689	March 11, 2019
CAA record prevents issuance Help	6	4211	February 23, 2020
CAA issue error not clear what is wrong Help	5	776	June 16, 2021