Let's Encrypt Issue
-
Oddity just cropped up on getting a new app running:
Jan 24 08:13:12 box:cert/acme2 waitForChallenge: status is "invalid" {"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns","detail":"During secondary validation: DNS problem: networking error looking up CAA for <mydnshere>","status":400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/10323824999/c7R7Lw","token":"HLUAkRme8XYGPy70DjD654Tai58ovS7T-2SfmekUA3U","validationRecord":[{"url":"http://<mydnshere>/.well-known/acme-challenge/HLUAkRme8XYGPy70DjD654Tai58ovS7T-2SfmekUA3U","hostname":"<mydnshere>","port":"80","addressesResolved":["myip"],"addressUsed":"myip"}]}
The above <mydns> and <myip> are correct. I do have an empty surfer instance running in the root of the domain. This wasn't an issue yesterday but just started up today.
-
@doodlemania2 according to https://letsencrypt.org/docs/caa/#caa-errors first let's see if this is permanent or not. Then also check if you have set up any CAA rules to maybe prohibit issuing certificates by Let's Encrypt.
-
@nebulon It cleared after about 30 minutes (strange). Will look at the CAA thing.
Oddity for me -> I'm set up to use wildcard as my DNS. I was thinking that would leverage a wildcard let's encrypt cert. No?
-
@doodlemania2 said in Let's Encrypt Issue:
Oddity for me -> I'm set up to use wildcard as my DNS. I was thinking that would leverage a wildcard let's encrypt cert. No?
Other way around! Wildcard DNS will lead to non-wildcard certs (and vice versa - programmatic DNS means you can get wildcard certs).
Also, the DNS error is reported by the Let's encrypt servers and not by Cloudron. If this is a new domain or you changed the NS recently, these errors are normal.
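The two checks suggested in this thread (is the failure a lookup problem on the Let's Encrypt side, or a CAA rule that prohibits Let's Encrypt), as an added example that is not part of any post or of Cloudron's code. `triage` reads the ACME error type from the logged challenge and `may_issue` evaluates a CAA record set following RFC 8659; the zone records and the `ca.example` issuer are constructed, and the challenge JSON is trimmed from the log line in the first post.

```python
import json

LE = "letsencrypt.org"  # issuer domain name Let's Encrypt matches in CAA records
# Error object trimmed from the log line in the first post.
SAMPLE = ('{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns",'
          '"detail":"During secondary validation: DNS problem: networking error looking up CAA for <mydnshere>","status":400}}')
# Constructed records as (flags, tag, value); example.com is a placeholder zone.
ZONE = {"example.com": [(0, "issue", "ca.example"), (0, "issuewild", "letsencrypt.org")]}

def triage(challenge_json):
    """Separate a failed CAA lookup from a CAA policy refusal (RFC 8555 error types)."""
    err = json.loads(challenge_json).get("error") or {}
    kind = err.get("type", "").rsplit(":", 1)[-1]
    if kind == "caa":
        return "caa-policy"   # records forbid this CA: fix the CAA record set
    if kind == "dns" and "CAA" in err.get("detail", ""):
        return "caa-lookup"   # the query itself failed: check DNS, then retry
    return kind or "no-error"

def relevant_rrset(name, caa_by_name):
    """RFC 8659 tree climbing: first non-empty CAA RRset from name up to the root."""
    labels = name.lstrip("*.").rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = caa_by_name.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def may_issue(name, caa_by_name, issuer=LE, wildcard=False):
    """True if the relevant CAA RRset lets `issuer` issue for `name`."""
    rrset = relevant_rrset(name, caa_by_name)
    known = {"issue", "issuewild", "iodef"}
    # An unrecognised property with the critical bit (128) set blocks issuance.
    if any(flags & 128 and tag.lower() not in known for flags, tag, _ in rrset):
        return False
    tags = [(tag.lower(), value) for _, tag, value in rrset]
    wild = [v for t, v in tags if t == "issuewild"]
    plain = [v for t, v in tags if t == "issue"]
    values = wild if (wildcard and wild) else plain  # issuewild only applies to wildcards
    if not values:
        return True  # no applicable issue property: CAA does not restrict issuance
    # The issuer domain is the text before ';'; parameters after it are ignored here.
    return any(v.split(";", 1)[0].strip().lower() == issuer for v in values)

if __name__ == "__main__":
    print(triage(SAMPLE), may_issue("app.example.com", ZONE))
```

With the constructed zone, a non-wildcard name is refused for Let's Encrypt while a wildcard request is allowed, because `issuewild` overrides `issue` only for wildcard names.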