I have a wildcard *.vocabase.com from comodo CA but I wan to replace it by a let's Encrype certificate.
Certificate is realy not my speciality and i'm very new on that.
It guess my problem is a conflict with a wildcard Comodo certificate but i don't know how to correct that.
Could you help me ?
Requesting a certificate for as.vocabase.com
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: as.vocabase.com
Type: caa
Detail: CAA record for as.vocabase.com prevents issuance
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
My web server is (include version): apache2
The operating system my web server runs on is (include version): debian 10
My hosting provider, if applicable, is: OVH
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no i'm using SSH console
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.22.0
You can either append your DNS to include a CAA record for vocabase.com which permits issuance by letsencrypt.org (of course with a properly formatted CAA record et cetera) or you can add a CAA record permissive for issuance by letsencrypt.org for as.vocabase.com.
Note that neither the apache plugin or the standalone plugin will be able to get you a wildcard certificate. Let's Encrypt restricts wildcard certificates to the dns-01 challenge, which requires a DNS plugin (if you want to automate everything, which is highly recommended).
You're in luck, as Certbot has a DNS plugin for OVH.
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.