Problems setting up sub-domain

I’m tearing my hair out here but might be missing something. I have been setting up a web site on a new server and have successfully installed and activated Letsencrypt on a sub-domain of the one we want to end up with: That worked and works fine.

Today I went to set up the desired domain: and I keep getting the “query timed out looking up CAA for” error.

I cannot understand because it happily set up So is just running on http for now.

Please fill out the fields below so we can help you better.

My domain is:

I ran this command: several. I started with letsencrypt --apache -d to do the original one. Then I did the same but added the additional domain:

letsencrypt --apache -d -d

I then resorted to letsencrypt --apache and walked through the wizard. I can happily renew the test domain, but not register the non-test domain

It produced this output:

Failed authorization procedure. (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: query timed out looking up CAA for



My operating system is (include version):

Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-36-generic x86_64)

My web server is (include version):

Apache/2.4.18 (Ubuntu)

My hosting provider, if applicable, is:, this is a virtual server (VPS?)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.