It appears that there is a problem with getting a CA from letsencrypt for a .SR domain. This problem has been
mentioned before. Are there any updates for a solution?
I am looking into this and have contacts with the registrar to hopefully get this resolved.
What is the cause of the problem?
Is this issue specific to letsencrypt?
Well, there's a bug with the TLD's DNS servers. When you ask them for CAA
records, instead of saying "there aren't any," they don't respond.
No and yes. CAs are all required to implement CAA. Under the circumstances, CAs are allowed to ignore the failure and treat it as permission to issue; Let's Encrypt has a simple and strict implementation that, well, doesn't.
Good question! I don't know.
As of August or September, the TLD's DNS vendor was working on it.
If your domain's DNS provider supports it, create CAA
records (that allow letsencrypt.org
to issue). If your domain has CAA
records, the TLD's CAA
records -- or errors -- don't come into play.
Background:
Incomplete list of .sr certificates issued by Let's Encrypt and some other CAs:
(The list of Let's Encrypt certificates is complete. But for some CAs, it's not complete.)
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.