CAA record prevents issuance

Hello,
i have been trying to crate a https certificate with win-acme on a Azure VM (Windows Server 2019 Datacenter).

Error:

[INFO] Authorize identifier: dizrupt-iot.westeurope.cloudapp.azure.com
[INFO] Authorizing dizrupt-iot.westeurope.cloudapp.azure.com using http-01 validation (SelfHosting)
[EROR] {
“type”: “urn:ietf:params:acme:error:caa”,
“detail”: “CAA record for dizrupt-iot.westeurope.cloudapp.azure.com prevents issuance”,
“status”: 403
}
[EROR] Authorization result: invalid
[EROR] Create certificate failed: Authorization failed

Thank you for hour help!

1 Like

Hi @martinmi

that’s

a know problem - see your check - https://check-your-website.server-daten.de/?q=dizrupt-iot.westeurope.cloudapp.azure.com#caa

Domainname flag Name Value ∑ Queries ∑ Timeout
dizrupt-iot.westeurope.cloudapp.azure.com 0 no CAA entry found 1 0
westeurope.cloudapp.azure.com 0 no CAA entry found 1 0
cloudapp.azure.com 0 no CAA entry found 1 0
azure.com 5 issue digicert.com 1 0
5 issue entrust.com 1 0
5 issue globalsign.com 1 0
com 0 no CAA entry found 1 0

And see

same problem, started yesterday.

Looks like Microsoft has changed the CAA entries, so now it’s impossible to create Letsencrypt certificates with that azore.com subdomain.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.