Hi everyone,
I can't reach our domain for some reason, and I can't obtain a new certificate.
Certification Authority Authorization (CAA) records forbid the CA from issuing a certificate :: Error finalizing order :: Rechecking CAA for "www.catch-22.co.nz" and 1 more identifiers failed. Refer to sub-problems for more information
Error on Chrome:
# This site can’t be reached
Check if there is a typo in catch-22.co.nz.
DNS_PROBE_FINISHED_NXDOMAIN
Error when obtaining a new certificate:
```
organic@desktop:/etc/nginx/conf.d$ sudo certbot --nginx -d catch-22.co.nz -d www.catch-22.co.nz
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/catch-22.co.nz-0002.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
An unexpected error occurred:
Certification Authority Authorization (CAA) records forbid the CA from issuing a certificate :: Error finalizing order :: Rechecking CAA for "www.catch-22.co.nz" and 1 more identifiers failed. Refer to sub-problems for more information
Please see the logfiles in /var/log/letsencrypt for more details.
```
My domain is:
catch-22.co.nz
It produced this output:
My web server is (include version):
217.15.151.47
The operating system my web server runs on is (include version):
Ubuntu 20.04
My hosting provider, if applicable, is:
self-hosted
I can login to a root shell on my machine (yes or no, or I don't know):
yes
Nginx file:
```
organic@desktop:/etc/nginx/conf.d$ cat catch22.conf
server {
    root /var/www/catch-22;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name catch-22.co.nz www.catch-22.co.nz;
    #listen [::]:443 ssl http2 ipv6only=on;
    #listen 443 ssl http2; # managed by Certbot
    client_max_body_size 100M;
    location / {
        #try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_connect_timeout 300s;
        fastcgi_read_timeout 300s;
        fastcgi_send_timeout 300s;
    }
    location ~ /\.ht {
        deny all;
    }
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
    location ~ ^/\.user\.ini {
        deny all;
    }
    #ssl_certificate /etc/letsencrypt/live/catch-22.co.nz/fullchain.pem; # managed by Certbot
    #ssl_certificate_key /etc/letsencrypt/live/catch-22.co.nz/privkey.pem; # managed by Certbot
    #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/catch-22.co.nz-0002/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/catch-22.co.nz-0002/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.catch-22.co.nz) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = catch-22.co.nz) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name catch-22.co.nz www.catch-22.co.nz;
    listen 80;
    return 404; # managed by Certbot
}
```
Webslice domain settings: