• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Resolved Let's Encrypt: Domain validation failed, but CAA records are correct

W

Wyrix

New Pleskian
I'm using the Let's Encrypt extension in Plesk Obsidian. With this extension, I'm trying to request a wildcard certificate, but it returns;
Domain validation failed for <domain>: Invalid response from <url>.
Type: urn:ietf:params:acme:error:caa
Status: 403
Detail: CAA record for <domain> prevents issuance

My DNS records are;
<domain>. CAA (issuewild) letsencrypt.org
<domain>. CAA (issue) ;
<domain>. CAA (iodef) mailto:<email>

Does somebody have an idea what's going wrong here? The logs aren't helping me.
 
It turns out that if you have a single domain certificate on a domain and want to change it to a wildcard certificate, you sometimes must have the issue CAA record set to 'letsencrypt.org'.

In my case, I'm changing all domains from single domain certificates to wildcard certificates and in 2 out of 30 domains, the issue CAA record was needed.
 
Wyrix said:
It turns out that if you have a single domain certificate on a domain and want to change it to a wildcard certificate, you sometimes must have the issue CAA record set to 'letsencrypt.org'.

In my case, I'm changing all domains from single domain certificates to wildcard certificates and in 2 out of 30 domains, the issue CAA record was needed.
Click to expand...
You should mark it as solved then? Just to keep things clean in the beginning. We all browse eagerly Obsidian forum these days :)
 
You must log in or register to reply here.

Similar threads

I
Issue Let's Encrypt "urn:ietf:params:acme:error:caa" 403 failure
Replies
10
Views
3K
iainh
I
K
Question Renewing Let's Encrypt with external DNS servers
Replies
5
Views
316
klowet
K
D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
498
Daiv
D
Azurel
Resolved Mail for "Let`s Encrypt certificates for ***** have been issued/renewed" missing?
Replies
2
Views
318
Azurel
Azurel
T
Resolved Lets Encrypt renewal - wildcard seems to want to use http challenge
Replies
2
Views
1K
TomBoB
T
Back
Top