Error: CAA record for prevents issuance


My domain is:

I ran this command:
I followed the article at this linked. As described in article, I navigate to and followed the steps.

I selected manual verification aster entering my domain name. It gave me two downloadable file and I uploaded them in the directory specified ( 1.…). Both files.

Then, when I finally click on the “Download SSL Certificate” button, I get the error.

It produced this output:

Domain “” challenge3 failed. Response from “” was:

Warning: Your verification URL is not returning the correct contents to our verification servers. The URL looks like it is blocking bots and which inadvertently blocks our servers from receiving the correct content. Contact your host, a professional developer or admin for further help with fixing it.

Error: CAA record for prevents issuance

Full Error: { “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:ietf:params:acme:error:caa”, “detail”: “CAA record for prevents issuance”, “status”: 403 }, “url”: “”, “token”: “QT2eI0HG2n-ZpWlKTXXTeo244RvQnMnbRe5rKsIKJ1k”, “validationRecord”: [ { “url”: “”, “hostname”: “”, “port”: “80”, “addressesResolved”: [ “” ], “addressUsed”: “” } ] }
My web server is (include version):

The operating system details:

System Linux 3.10.0-962.3.2.lve1.5.24.5.el7.x86_64 #1 SMP Thu Nov 22 09:42:49 EST 2018 x86_64

PHP Version 7.2.13

My hosting provider, if applicable, is:

I cannot login to a root shell on my machine

I’m using a control panel to manage my site. cPanel Version 76.0 (build 15)


Yes, you have this CAA record:         14400   IN      CAA     0 issue ""

You need to add 0 issue "" – or remove the record entirely – to allow Let’s Encrypt to issue certificates for the domain.

Where do you manage DNS?

And, since you’re using cPanel, can you use cPanel to automatically obtain and renew an SSL certificate? Using SSL For Free every couple months is a hassle.

Edit: You already have certificates issued by cPanel:


As pointed out, cPanel AutoSSL already created and installed a certificate for you - .

To fix the “not secure” message, you’ll need to fix up your mixed content: . Changing to Let’s Encrypt won’t help with that.

For the record (but doesn’t matter to you and you can ignore it):

Your nameservers are hosted by cPanel DNSONLY, so you should be able to get into the “DNS Advanced Zone Editor” in your cPanel user interface to add a CAA record as suggested above.

However, on some hosts the advanced zone editor is disabled, so in that case you would need to contact your webhost to ask them to do it.


Can you please explain where to add instead of I am sorry, I am just new to these kinds of stuff. Hope you understand

DNS Advanced Zone Editor is disabled on my cpanel


Why do you need a Let’s Encrypt certificate? already has a certificate.


Yes, I can navigate to the but when I click on https information, it shows not fully secure unlike others.


Hi @kodementor

but this isn’t a problem of your certificate. You have a proper working cPanel-certificate.
	29.01.2019,,,,,, - 7 entries

It’s only a problem of your website. You have mixed content (content loaded via http, not https).

Use FireFox or Chrome, then Ctrl + Shift + I, then open the console. There you see some wrong links:

All links must be changed to https - links.

PS: It’s Wordpress, perhaps there is a global setting to change that.


Thank You everyone for your replies. Finally, I managed to convert http to https. Thank you

closed #9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.