「Certbot」- SERVFAIL looking up CAA for @20210220
问题描述
# certbot certonly -a certbot-dns-aliyun:dns-aliyun --certbot-dns-aliyun:dns-aliyun-credentials /etc/letsencrypt/dns-aliyun-credentials.ini -d harboar.example.com Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator certbot-dns-aliyun:dns-aliyun, Installer None Obtaining a new certificate Performing the following challenges: dns-01 challenge for harboar.example.com Waiting 30 seconds for DNS changes to propagate Waiting for verification... Challenge failed for domain harboar.example.com dns-01 challenge for harboar.example.com Cleaning up challenges Some challenges have failed. IMPORTANT NOTES: - The following errors were reported by the server: Domain: harboar.example.com Type: dns Detail: DNS problem: SERVFAIL looking up CAA for harboar.example.com - the domain's nameservers may be malfunctioning
解决办法
在域名解析服务商添加此域名的 CAA 记录:
主机记录:<<对应域名>> 记录类型:CAA 记录的值:0 issue "letsencrypt.org"
然后保存并等待生效,再重新执行申请证书的命令。
相关文章
「Certbot」- 在内网中申请证书的方法
「Certbot」- The manual plugin is not working
「Certbot」- ImportError: 'pyOpenSSL' module missing required functionality
「Certbot」- ocsp.int-x3.letsencrypt.org Read timed out
「Certbot」- 安装
参考文献
更新https报错的解决文案“DNSproblem:SERVFAILlookingupCAAforshop.xxx.com”