I already have a certificate for my TLD through a commercial certificate vendor, but this does not cover subdomains. I want to use certbot to create a certificate for the subdomain, but I get the following error
The domain is accessible; I can access it using both http and https. I have a CNAME DNS record pointing to my EC2 AWS instance that hosts Apache as a reverse proxy to my SonarQube installation.
I only have the DNS record types NS, A, AAAA, CNAME, MX, TXT, SRV, no CAA. How can I fix this issue?
That is a huge overstatement.
There are a great many reasons why things can go wrong.
Without actual names we can only guess... and guess... and guess again...
A waste of time for everyone involved.
There are a number of DNS configuration issues or software bugs that can cause CAA query failures. It's useful to know the real domain so we can take a look.
Let's Encrypt has a general document on CAA:
As it says when posts are created in the help forum:
Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The problem is not secrecy; it's that the server is still not hardened, so it would be easy for someone to take over the machine and I would have to kill it and start over. That is the only reason.