We use LE to generate/renew certs for thousands of customers, and within the last 2 days, all certificate generation has failed with this same error:
Error creating new cert :: Rechecking CAA: Internal error getting validation method for mydomain.com,
Of course, it says some other domain other than mydomain.com, depending on what we’re generating.
We’re really in hot water if we can’t sort this one out, and the error message is not only cryptic to me, but also Google returns exactly zero results for “Internal error getting validation method for”.
We’re running on Ubuntu 16.04.2, which means we’re using an old version of certbot known as ‘letsencrypt’ version 0.4.1. The command we run is something like:
letsencrypt certonly --webroot [--staging] --csr /path/to/mycert.csr -w /var/www/html -d $MYDOMAIN
So, obviously our validation method is an HTTP resource, rather than DNS. This seems obvious by the CLI options --webroot and -w, and it’s always worked great. This sudden failure to “get validation method” is a complete shock. The only hunch I’ve got right now is that I wonder if some newer version of this old letsencrypt command line client has been patched/updated and perhaps our prod servers have installed that package update without my realizing it.