Certbot-dns-plugin auth error DNS problem: query timed out looking up CAA

I'm developing a plugin for certbot-dns and now it can add txt record and delete it rightly.
But when i use the plugin to request a certificate it return auth error.
And when i use manual method it can work right like.

certbot --manual -d "*.asteriscum.cn"

I guess it's different auth way between manual and plugin. Is there any way to change the plugin auth method to avoid the CAA auth?

The error log is there:

  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "DNS problem: query timed out looking up CAA for asteriscum.cn",
    "status": 400
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13475704333/w_UvYw",
  "token": "3lY4eM3kvriXsQ-y_ztEXu6jKdM4-4Ih7MkSuPMNXYM",
  "validationRecord": [
      "hostname": "asteriscum.cn"
  "validated": "2021-05-27T08:33:04Z"
1 Like

Your DNS service doesn't seem to handle the CAA query and also doesn't seem to handle varying the capitalisation of the query (e.g. ASterisCum.CA should still work and should appears with the same casing in the response)



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.