I am using MiaB version 63. (I think. I just updated.)
I am using an external DNS server.
I am using an external web server for the websites, but not for mta-sts.example.com and the other sub-domains that MiaB sets up.
All domains have MiaB’s DNSSEC record.
I’ve installed approximately 8 domains on the server and the first 4 worked fine. However, the last 4 are not getting Let’s Encrypt certs for mta-sts.example.com.
I get the following error on screen:
Log:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for mta-sts.example.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: mta-sts.example.com
Type: dns
Detail: DNS problem: looking up CAA for mta-sts.example.com: DNSSEC: Bogus
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
In reading the forums here I see that deleting the contents of /home/user-data/ssl and re-running sudo mailinabox is one recommendation. I did this. I can’t tell if it solved the problem because now nginx won’t start. I’ve restored the files to /home/user-data/ssl and nginx restarted.
In /var/log/letsencrypt/letsencrypt.log I see this on each of the failing domains:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: mta-sts.example.com
Type: dns
Detail: DNS problem: looking up CAA for mta-sts.example.com: DNSSEC: Bogus
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
What have I done wrong and what can I do to fix it?
Any help would be greatly appreciated.
Cheers!
=C=