Provisioning Letsencrypt certs fail: DNS CAA record?

Hi,

I have been running my MIAB box for a while now and have been able to provision TLS certificates automatically just fine, until yesterday. I am running the DNS on my box and the status page says everything is fine regarding the DNS.

Still, today I got this error when trying to provision updated TLS certificates:

Something unexpected went wrong: The HTTP Validation challenge for mailbox.kypelihosting.com failed: DNS problem: SERVFAIL looking up CAA for kypelihosting.com.

Log:
Reading account key from /home/user-data/ssl/lets_encrypt/account.pem.
Validating existing account saved to /home/user-data/ssl/lets_encrypt/registration.json.
Reusing existing challenges for mailbox.kypelihosting.com.
The HTTP Validation challenge for mailbox.kypelihosting.com failed: DNS problem: SERVFAIL looking up CAA for kypelihosting.com.

Is this field a new requirement from Letsencrypt that MIAB DNS doesn’t support, or what’s going on?

I am running MIAB version v0.19b.

Ok - so apparently the CAA field support has been added as a custom DNS field to a later version of MIAB? If I update my MIAB box, will MIAB automatically take care of setting this record for me or should I set it manually?

And maybe more importantly, I have been hesitant in updating my box after reading some issues with 0.2x releases. Should these now be resolved if I update from 0.19b to the most recent one?

You have to set the CAA record manually (in System - Custom DNS).

Don’t know about the update from 0.19 to 0.2x as I started with 0.22.

Right, ok. Thanks! And I guess the problem is that in my 0.19b version, there’s no option to set it :neutral_face: So have to first update my box.

I updated my box to 0.23a and all went smoothly! I was able to add the CAA record too, so now the certs are provisioned automatically.

Thank you Josh for MIAB! :slight_smile:
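
The error in this thread names kypelihosting.com even though the certificate was for mailbox.kypelihosting.com, because a CA checking CAA climbs from the requested name towards the root (RFC 8659). The sketch below is an added example, not part of the thread and not Let's Encrypt's or MIAB's code; the resolver answers and the `issue "letsencrypt.org"` record are constructed sample data, and only the `issue` property is evaluated.

```python
# Added example: simplified CAA check with RFC 8659 tree climbing.
# Resolver answers are constructed in-memory data, not real DNS responses.
NOERROR, SERVFAIL = "NOERROR", "SERVFAIL"

def make_lookup(zone):
    """Fake resolver: names missing from zone answer NOERROR with no CAA."""
    return lambda name: zone.get(name, (NOERROR, []))

def relevant_caa(name, lookup):
    """Climb from name towards the root and return (owner, records) for the
    first non-empty CAA set, or (None, []) if none exists. A failed lookup
    raises LookupError, mirroring the SERVFAIL that stopped validation."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        rcode, records = lookup(candidate)
        if rcode != NOERROR:
            raise LookupError(f"{rcode} looking up CAA for {candidate}")
        if records:
            return candidate, records
    return None, []

def may_issue(name, ca_domain, lookup):
    """Return (allowed, reason) for ca_domain issuing a certificate for name."""
    try:
        owner, records = relevant_caa(name, lookup)
    except LookupError as exc:
        return False, str(exc)
    if owner is None:
        return True, "no CAA records found; any CA may issue"
    issuers = [value.split(";")[0].strip()
               for _flags, tag, value in records if tag == "issue"]
    if not issuers:
        return True, f"CAA set at {owner} has no issue property"
    if ca_domain in issuers:
        return True, f"{ca_domain} authorised by CAA at {owner}"
    return False, f"CAA at {owner} does not authorise {ca_domain}"

HOST = "mailbox.kypelihosting.com"
# Constructed scenarios: failing nameserver, record added, record for another CA.
BROKEN = make_lookup({"kypelihosting.com": (SERVFAIL, [])})
FIXED = make_lookup({"kypelihosting.com": (NOERROR, [(0, "issue", "letsencrypt.org")])})
OTHER = make_lookup({"kypelihosting.com": (NOERROR, [(0, "issue", "ca.example")])})

if __name__ == "__main__":
    for label, lookup in (("broken", BROKEN), ("fixed", FIXED), ("other CA", OTHER)):
        print(label, may_issue(HOST, "letsencrypt.org", lookup))
```

A zone that answers NOERROR with no CAA records at every level is also allowed, which is why the SERVFAIL, not the absence of a record, is what blocks issuance in this model.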