Hi,
About 11 weeks ago I got a wildcard certificate and ran the command specified below to obtain the first set of wildcard certificates, now they’re about to expire, but when I tried to renew them I couldn’t.
My domain is: example.com (ficticious)
I ran this command:
sudo certbot -a dns-digitalocean certonly -i nginx -d “*.example.com” -d example.com --server https://acme-v02.api.letsencrypt.org/directory --dns-di gitalocean --dns-digitalocean-credentials /etc/letsencrypt/tokenfile --email admin@gmail.com --agree-tos
It produced this output:
Plugins selected: Authenticator dns-digitalocean, Installer nginx
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for example.com
dns-01 challenge for example.com
Waiting 10 seconds for DNS changes to propagate
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. example.com (dns-01): urn:ietf:params:acme:error:caa :: CAA record for example.com prevents issuance, example.com (dns-01): urn:ietf:params:acme:error:caa :: CAA record for *.example.com prevents issuance
My web server is (include version):
nginx/1.14
The operating system my web server runs on is (include version):
Ubuntu 18.04
My hosting provider, if applicable, is:
Digital Ocean
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):
certbot 0.31.0
I need some help before they expire