SSL Issuance Error


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: Issuance for SSL Renewal

It produced this output:

My web server is (include version): Plesk

The operating system my web server runs on is (include version): Windows Server

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk Onyx

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Invalid response from
Type: urn:acme:error:caa
Status: 403
Detail: CAA record for prevents issuance


Hi @umerkhokhar,

It looks to me like you’re a customer of the hosting provider 247workinghost, and they don’t want you to get certificates for subdomains of their domain. If so, that’s their choice.

Do you have your own domain name that you’ve registered for yourself? If not, and if you don’t intend to do this for some reason, you’ll need to ask 247workinghost whether it’s OK with them for you to get a certificate for this subdomain, and, if so, whether they can help you do so. It’s very unlikely that we can help you to do this without their cooperation!


I am from and I want this certificate for my hostname, which is mentioned above as a subdomain name. I want to renew it for myself and I have main administrative access to the server. Waiting for your help to re-generate it.


The domain’s CAA records specifically do not allow Let’s Encrypt to issue certificates.  2877  CAA  0 issue ""

To use Let’s Encrypt, you have to add a CAA record for 0 issue "" to or or remove the existing CAA record.

Do you have administrative access to the domain’s DNS?
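
The CAA check discussed in the replies above, as an added example (not part of the original thread and not Let's Encrypt's or Plesk's code): it climbs from the hostname toward the root as RFC 8659 describes and reports whether a CA may issue. The zone data and the `other-ca.example` issuer are constructed; `letsencrypt.org` is the CAA identifier Let's Encrypt documents for itself; CNAME handling is omitted.

```python
# Added example: CAA evaluation (RFC 8659) over constructed zone data.
LETS_ENCRYPT = "letsencrypt.org"  # CAA identifier Let's Encrypt documents for itself

# Constructed sample data: owner name -> list of (flags, tag, value) CAA records.
ZONE = {
    "hosting.example": [(0, "issue", "other-ca.example")],
    "open.example": [(0, "iodef", "mailto:sec@open.example")],
    "fixed.example": [(0, "issue", "other-ca.example"),
                      (0, "issue", "letsencrypt.org")],
    "fixed2.example": [(0, "issue", ";")],
    "srv.fixed2.example": [(0, "issue", "letsencrypt.org; validationmethods=http-01")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_rrset(name, zone):
    """Climb from name toward the root; return (owner, records) of the
    first non-empty CAA record set, or (None, []) if there is none."""
    labels = name.rstrip(".").lower().split(".")
    if labels[0] == "*":          # a wildcard request starts at its parent name
        labels = labels[1:]
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if zone.get(owner):
            return owner, zone[owner]
    return None, []


def may_issue(name, ca, zone):
    """Return (allowed, owner): whether `ca` may issue for `name`, and which
    name's CAA records decided it."""
    owner, records = relevant_rrset(name, zone)
    # An unknown property with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in records):
        return False, owner
    issue = [v for _, t, v in records if t.lower() == "issue"]
    wild = [v for _, t, v in records if t.lower() == "issuewild"]
    # issuewild, when present, replaces issue for wildcard requests only.
    applicable = wild if (name.startswith("*.") and wild) else issue
    if not applicable:            # no restricting property: any CA may issue
        return True, owner
    # The issuer domain is the part before any ';' parameters; ";" alone means nobody.
    issuers = {v.split(";", 1)[0].strip().lower() for v in applicable}
    return ca.lower() in issuers, owner
```

A record on the parent name decides the result for every subdomain beneath it unless the subdomain carries its own CAA set, which is why the record can be added at either level.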


Yes, I have access. Do I have to delete the entry of the old/existing certificate from the DNS records and re-issue? Is that right, or what should I do? Please give a step-by-step guide.



You don’t have to do anything to your existing certificates.

You just have to add or remove one DNS record.


After deleting the record from DNS, I will try now with the re-issuance and update you soon.


There was no record in the DNS; I have added the record as per the above help.
After adding the record, I hit the issuance button and it was generated successfully, and I checked it through:

Thanks to all
