Hope you are doing well!
We are trying to request a LE (Let's Encrypt) cert via Akamai.
This cert has common name (CN): tst.carquote.nrma.com.au
Initially, this cert request had 68 SANs but we received the following error, "Let’s Encrypt: Error finalizing order :: Rechecking CAA for ", from LE so we thought may be should reduce the number of SANs before the request is sent to LE.
Hence, we cleaned up the cert request to include only 2 additional SANs (9 SANs were already present in the cert which was already deployed on Akamai). This request was approved by LE, cert was received by and deployed on Akamai. So, now the tst.carquote.nrma.com.au has 11 SANs and deployed on Akamai.
Next, because we need to have 68 SANs on the cert, we added 5 new SANs, sent the request to LE but this time received the same error as above, i.e., "Let’s Encrypt: Error finalizing order :: Rechecking CAA for ".
So, we tried with 3 SANs but still same error.
Then we tried with 2 new SANs, that went through and now we have 13 SANs in the cert deployed on Akamai.
However, since then we are having difficulty adding more SANs to the cert; we can't even add 1 SAN to the cert.
The error in the Akamai portal is always the same, i.e., "Let’s Encrypt: Error finalizing order :: Rechecking CAA for ".
When we looked for this error in the Akamai log, we found the following:
LeErrorReport(statusCode=403, type=urn:ietf:params:acme:error:caa, detail=Error finalizing order :: Rechecking CAA for "tst.carquote.nrma.com.au"
The last SAN we tried to add was:
Do note that in every single instance, the domain (ownership) validation has always passed so we are confident that this isn't happening because we haven't met the DV cert requirements, rather, its something technical and at this point it seems to be at the LE end.
Hence, we would really appreciate your assistance in troubleshooting this issue.
If there is any additional information you require from our side, just let us know.
Thanks in advance for your help!
Have a great day ahead!