Error getting new SSL certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

we get bellow error when getting a new SSL certificate for this domain only. All other domains
are fine. DNS record is set correctly pointing to our server, same as other domains and pass the challenge but failing to receive certificate. Please help

My domain is: news.denmaur.com

I ran this command: wacs.exe --target iis --installation iis --siteid --host news.denmaur.com --commonname news.denmaur.com --id news.denmaur.com --installationsiteid

It produced this output: [EROR] {
“type”: “urn:ietf:params:acme:error:caa”,
“detail”: “CAA record for news.denmaur.com prevents issuance”,
“status”: 403

My web server is (include version): IIS 10 & iis8

The operating system my web server runs on is (include version): windows server 2019 & 2012R2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): rus as administrator

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): wacs v2.1.2.6**

1 Like

Hi @ffletsencrypt

checking your domain you see - https://check-your-website.server-daten.de/?q=news.denmaur.com#caa

2020-03-27.news.denmaur.com

The CAA entry of denmaur.com doesn't allow letsencrypt.org to create certificates.

Only Comodo and Globalsign are allowed.

Add a letsencrypt.org entry. Or you can't create Letsencrypt certificates.

2 Likes

Thanks Juergen Auer.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.