Fail to Acquire a Certificate


we are trying to generate certificate with certsage.php under our domain root directory. however, it gives following error message (we've successfully installed few certs for other domains)

:man_mage:t3: CertSage
version 1.2.0
CAA record for prevents issuance

If you need help with resolving this issue, please post a topic in the help category of the Let's Encrypt Community.


Please help to advise how to correct it?

If you check using your domain is restricted to only using certs from via a CAA record in your DNS.

You'll need to update or remove that record to issue certs via another CA like Let's Encrypt.


appreciate your prompt help

do you mean below record restricts to use only certs from 0 IN CAA 0 issue ""

if so, since we didn't set this record, how to update or remove?
if update, what to update to?

thank you

1 Like

CAA records are set by the domain owner in DNS. You'd need to look at whatever system administrates your DNS.

What to change it to depends on what CAs you want to allow your domain to use. They're generally not set accidentally, though, so someone at some point specifically set that domain to only use that one CA.

You might find these articles useful:


I see your domain DNS nameservers are with , they probably set that by default. If you don't know how to fix it just contact your DNS provider (hinet) but it should be pretty obvious in your DNS control panel for that domain.


appreciate your prompt help

CAA records is just removed. it's still failing to acquire a certificate with certsage.php

is it that it takes sometime for the dns record to properly update, maybe few hours or a day, after that we can then acquire the certificate with certsage.php, correct?

thank you

You only have to wait for the authoritative DNS servers to sync which already have as you can see at Let's Encrypt queries them directly and does not have to wait for TTL propagation.

What is the error message now?


Should be ok soon, your nameservers are no longer returning that record and my local query using dig now shows no CAA record.


it works now.

should we delete certsage.php after successfully installing cert for security concern if needed?

thanks you

@griffin Your thoughts on this?


Welcome to the Let's Encrypt Community, Geoffrey! :slightly_smiling_face:

I'm the author of CertSage. Sorry for not responding sooner. My day job has had me busy. I see that you've been receiving the excellent support here though for which this great community is renown. There's no need to remove certsage.php since its usage is protected by password. In 60 days, when it's time to consider renewal of your certificate, just browse to certsage.php again and follow the steps again to renew your certificate.

Update: I'm just realizing that you're using CertSage version 1.2, which doesn't use a password. For security, please replace your certsage.php with version 1.4.1.


Thanks Griffin and the great community


I've updated the certsage.php from v1.2 to v1.4.1
I checked the expiration date of multiple certs for multiple sites. the expiration dates remain the same as previous expiration date. is this correct?
If so, is there any way to update the installation/expiration date so that we can make all of the certs with same expiration date.

for renewal of the cert, do we have to renew after the expiration date?

thank you

1 Like

Did you push the "cPanel installation button"? If you don't have cPanel and/or the installation button doesn't work, you need to re-install the certificate manually into your webserver. Renewing is a two-step process: getting a (re)new(ed) certificate and making sure the webserver actually uses this new cert. Often this is an automatic process. But sometimes it's not.

Let's Encrypt recommends to renew after 2/3rds of the lifetime of the certificate. In the case of Let's Encrypt, that's after 60 days out of the 90 days lifetime of the cert.

So yes and no: yes, you need to renew the cert yourself (as you're using a manual process) and no, you shouldn't renew after the expiration date, but before.


yes, with v1.4.1 there's cPanel installatino button

'Acquire a Certificate' support needed is resolved. thanks all supports

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.