Hello! I have searched the web for CNAME-related issues with LE, and I have found a mix of resolved configuration errors on the client side and some posts claiming LE stopped issuing certs for CNAME domains because of security issues.
My NS subdomain cert gets signed with the setup; the other, with a CNAME record, does not. My setup has not changed since the last signing. The setup is OK (provided in a Docker container).
It would be really sad if LE stopped issuing certs for CNAME domains. This would mean that my setup with an nginx reverse proxy to distribute to the internal servers will not work anymore. Options other than CNAMEs are not possible with my DNS server.
Is this really a security issue, as the posts I have found on the internet say… or is it a temporary bug (technical issue) or a policy change?! Can I hope that it will work again…? THX.
> docker run -it --rm -p 443:443 -p 80:80 --name letsencrypt01 -v "/foo/etc:/etc/letsencrypt" -v "/foo/var:/var/lib/letsencrypt" quay.io/letsencrypt/letsencrypt:latest certonly
Failed authorization procedure. owncloud.rienecker.name (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 184.108.40.206:443 for TLS-SNI-01 challenge
- The following errors were reported by the server:
Detail: Failed to connect to 220.127.116.11:443 for TLS-SNI-01
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.