If you have multiple CAA Records due to other providers like DigiCert, Comodo and Letsencrypt.org the certbot from Letsencrypt will give you that error message:
Detail: CAA record for shop.icuserver.com prevents issuance
in my opinion this should work because you can have multiple CAA records due to RFC
https://tools.ietf.org/html/rfc6844 -> Section 3
kind regards
Sebastian Fessl
Can we see your CAA record set? Your domain doesn’t have any at the moment.
As long as one of the CAA records is permissive of letsencrypt.org, it shouldn’t matter how many you have.
Hi @itseasy3133
that’s simple, see your check, ~~80 minutes old - https://check-your-website.server-daten.de/?q=shop.icuserver.com#caa
13. CAA - Entries
Domainname flag Name Value ∑ Queries ∑ Timeout shop.icuserver.com 0 no CAA entry found 1 0 icuserver.com 5 issue comodoca.com 1 0 5 issue Letsencrypt.org 1 0 com 0 no CAA entry found 1 0
Letsencrypt.org is wrong, must be letsencrypt.org.
Small difference, but important 