Error issuing certificate from Cpanel; CAA record?


#1

When trying to issue # Let’s Encrypt™ SSL from Cpanel, I’m getting the following error:

"There was a problem processing your request

There seems to be something wrong with the CAA record.
I looked at the DNS records, and there are no CAA records.
What should I do to make issueing the certificate work?


#2

I don’t understand why you’re getting that error message. :confused:

I expected it to fail with a different error message.

The .sr TLD’s DNS servers have a bug: When you ask them for CAA records, they don’t respond.

If your domain has CAA records, Let’s Encrypt ignores the error at the TLD level.

If your domain doesn’t have CAA records, Let’s Encrypt should fail with an error message along the lines of “SERVFAIL looking up CAA record for sr”.

Can you try actually adding CAA records that allow letsencrypt.org to issue?

Is it possible that cPanel momentarily adds incorrect CAA records while trying to get a certificate, then deletes them again?


#3

Most likely there were records present in order to enable Comodo to issue certificates, as a workaround for sr being defective.

The Let’s Encrypt client in use here definitely does not mess with the user’s CAA records.


#4

I’m going to try this option and will let you know what happened.


#5

Thanks @mnordhoff
“The SSL certificate is now installed onto the domain “hjgroup.sr” using the IP address “78.47.75.248”. Apache is restarting in the background.”
After adding CAA Records as you suggested, I stil got some errors for DNS settings (auto-configured by Cpanel) that where preventing issuance of the SSL, but themessages were more clear on what was going wrong.
So after tweaking those DNS settings, it went smoothly.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.