Error getting new SSL certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

we get bellow error when getting a new SSL certificate for this domain only. All other domains
are fine. DNS record is set correctly pointing to our server, same as other domains and pass the challenge but failing to receive certificate. Please help

My domain is:

I ran this command: wacs.exe --target iis --installation iis --siteid --host --commonname --id --installationsiteid

It produced this output: [EROR] {
“type”: “urn:ietf:params:acme:error:caa”,
“detail”: “CAA record for prevents issuance”,
“status”: 403

My web server is (include version): IIS 10 & iis8

The operating system my web server runs on is (include version): windows server 2019 & 2012R2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): rus as administrator

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): wacs v2.1.2.6**

1 Like

Hi @ffletsencrypt

checking your domain you see -

The CAA entry of doesn’t allow to create certificates.

Only Comodo and Globalsign are allowed.

Add a entry. Or you can’t create Letsencrypt certificates.


Thanks Juergen Auer.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.