Problem or Error in provisioning TLS certificates


Hi all, noticed since the update to 0.41 that one of my domains had a problem renewing the TLS certificates. Got the nice admin email with the problem.

Provisioning TLS certificates for,
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for
Using the webroot path /home/user-data/ssl/lets_encrypt/webroot for all unmatched domains.
Waiting for verification…
Cleaning up challenges
An unexpected error occurred:
Error finalizing order :: Rechecking CAA: While processing CAA for DNS problem: query timed out looking up CAA for
Please see the logfiles in /var/log/letsencrypt for more details.

Now, there has never been a, only a in the DNS settings. I don’t know why the system tried to add a TLS certificate for that domain. It might be a problem in the scripts or this is a requirement from letsencrypt. When adding the to DNS list it all worked perfectly the next day.

I’m using the mailinabox DNS server, the mail for is served by the mailinabox, the website is hosted on a different machine.

So is this a bug in the scripts, or a “feature” for letsencypt?