Hi all, noticed since the update to 0.41 that one of my domains had a problem renewing the TLS certificates. Got the nice admin email with the problem.
Provisioning TLS certificates for box.domain.com, www.domain.com.
error: box.domain.com, www.domain.com:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for box.domain.com
Using the webroot path /home/user-data/ssl/lets_encrypt/webroot for all unmatched domains.
Waiting for verification…
Cleaning up challenges
An unexpected error occurred:
Error finalizing order :: Rechecking CAA: While processing CAA for www.domain.com: DNS problem: query timed out looking up CAA for bkmrkd.it
Please see the logfiles in /var/log/letsencrypt for more details.
Now, there has never been a www.domain.com, only a domain.com in the DNS settings. I don’t know why the system tried to add a TLS certificate for that domain. It might be a problem in the scripts or this is a requirement from letsencrypt. When adding www.domain.com to the DNS list, it all worked perfectly the next day.
I’m using the mailinabox DNS server, the mail for domain.com is served by the mailinabox, the website is hosted on a different machine.
So is this a bug in the scripts, or a “feature” of letsencrypt?