Multiple CAA Records -> Not working

If you have multiple CAA Records due to other providers like DigiCert, Comodo and the certbot from Letsencrypt will give you that error message:

Detail: CAA record for prevents issuance

in my opinion this should work because you can have multiple CAA records due to RFC -> Section 3

kind regards
Sebastian Fessl

1 Like

Can we see your CAA record set? Your domain doesn’t have any at the moment.

As long as one of the CAA records is permissive of, it shouldn’t matter how many you have.

1 Like

Hi @itseasy3133

that’s simple, see your check, ~~80 minutes old -

13. CAA - Entries

Domainname flag Name Value ∑ Queries ∑ Timeout 0 no CAA entry found 1 0 5 issue 1 0
5 issue 1 0
com 0 no CAA entry found 1 0 is wrong, must be

Small difference, but important :wink:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.