Hi Letsencrypt team -
My domain is: germany.vertesi.com
According to https://dnsspy.io/labs/caa-validator I don’t have a CAA record on the child or parent domain, of either domain (germany.vertesi.com or verthome.tplinkdns.com). My domain is hosted on dyn.com, which doesn’t allow me to (easily) set a CAA record. Dig just returns the SOA record.
Thanks in advance for your help!
According to the debug log, I ran certbot with these arguments: [’–text’, ‘–config-dir’, ‘/var/snap/nextcloud/current/certs/certbot/config’, ‘–work-dir’, ‘/var/snap/nextcloud/current/certs/certbot/work’, ‘–logs-dir’, ‘/var/snap/nextcloud/current/certs/certbot/logs’, ‘–authenticator’, ‘nextcloud:webroot’, ‘–nextcloud:webroot-path’, ‘/var/snap/nextcloud/current/certs/certbot’, ‘–rsa-key-size’, ‘4096’, ‘–email’, ‘email@example.com’, ‘–non-interactive’, ‘–agree-tos’, ‘–force-renewal’, ‘-d’, ‘germany.vertesi.com’]
It produced this output:
Obtaining a new certificate Performing the following challenges: http-01 challenge for germany.vertesi.com Using the webroot path /var/snap/nextcloud/current/certs/certbot for all domains. Waiting for verification... Cleaning up challenges Failed authorization procedure. germany.vertesi.com (http-01): urn:ietf:params:acme:error:caa :: CAA record for germany.vertesi.com prevents issuance IMPORTANT NOTES: - The following errors were reported by the server: Domain: germany.vertesi.com Type: None Detail: CAA record for germany.vertesi.com prevents issuance
My web server is (include version): nextcloud snap’s built-in Apache
The operating system my web server runs on is (include version): Ubuntu 18.04 server LTS
My hosting provider, if applicable, is: Me.
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no