Certbot-dns-plugin auth error DNS problem: query timed out looking up CAA

I'm developing a plugin for certbot-dns, and it can now add the TXT record and delete it correctly.
But when I use the plugin to request a certificate, it returns an auth error.
And when I use the manual method, it works correctly, like this:

certbot --manual -d "*.asteriscum.cn"

I guess the auth method is different between manual and the plugin. Is there any way to change the plugin's auth method to avoid the CAA auth?

The error log is here:

{
  "type": "dns-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "DNS problem: query timed out looking up CAA for asteriscum.cn",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/13475704333/w_UvYw",
  "token": "3lY4eM3kvriXsQ-y_ztEXu6jKdM4-4Ih7MkSuPMNXYM",
  "validationRecord": [
    {
      "hostname": "asteriscum.cn"
    }
  ],
  "validated": "2021-05-27T08:33:04Z"
}

Your DNS service doesn't seem to handle the CAA query, and it also doesn't seem to handle varying the capitalisation of the query (e.g. ASterisCum.CA should still work and should appear with the same casing in the response).

https://unboundtest.com/m/CAA/asteriscum.cn/UXXXF7TT

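The check described in the answer above, as an added example that is not part of the original posts: it builds a CAA query with mixed-case letters and verifies that a reply arrives and echoes the question with the same casing. All function names and the sample replies are constructed for illustration so the code runs offline.

```python
import random
import struct

CAA = 257  # RR type number for CAA records

def mix_case(name, rng):
    """Randomise letter case, as a case-randomising resolver does."""
    return "".join(rng.choice((c.lower(), c.upper())) for c in name)

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name, qid, qtype=CAA):
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def read_question(msg):
    """Return (qname, qtype) from the first question, casing untouched."""
    pos, labels = 12, []
    while msg[pos]:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels), qtype

def check_response(query, response):
    """Classify a reply (or None for no reply) against the query sent."""
    if response is None:
        return "timeout"
    if response[:2] != query[:2]:
        return "id mismatch"
    rcode = response[3] & 0x0F
    if rcode not in (0, 3):  # NOERROR or NXDOMAIN is a definite answer
        return f"rcode {rcode}"
    if read_question(response) != read_question(query):
        return "case not preserved"
    return "ok"

def constructed_reply(query, fold_case=False):
    """Constructed sample: empty NOERROR reply, optionally lower-casing the name."""
    name, qtype = read_question(query)
    name = name.lower() if fold_case else name
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)
```

To test a real authoritative server, send the bytes from `build_query` over UDP port 53 and pass the reply, or `None` when the socket times out, to `check_response`.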