Jürgen

Jürgen

Planned

Wanneer het aanvragen van een SSL-certificaat mislukt krijg je een mailtje met tips:

".. Make sure:

  • you have the domains IP addresses correctly setup?
  • your public folder is accessible (you can change "Web directory" inside your site)

Also check your server logs, these may help you clarify more what is going on."

Het kan zijn dat een certificaat niet aangevraagd kan worden omdat er een CAA-record in de DNS is opgenomen. (zie https://letsencrypt.org/docs/caa/). Misschien een ideetje om dit ook in die mail te zetten?

Dennis

Dennis

·
·

I'm not all too sure about this request. I know you can't request SSL with AAAA records, do you have any of those?

no votes yet
Jürgen

Jürgen

Item author
·
·

The reason I could not get a SSL from Lets's Encrypt had nothing to do with AAAA/A records. The existance of a CAA record prevented it. But that problem wasn't hinted in the mail so I think it might be helpfull to mention that.

no votes yet
Alex

Alex

· · Edited
·

This might also be a very nice addition to the pre-certificate request checks to validate there is a permissive CAA record present (or no CAA record at all).

1 total vote
Jürgen
You may use @ to mention someone.

Let's Encrypt CAA-record

2 total votes
Alex Jürgen
  • Dennis moved item to board Planned

    2 years ago
  • Dennis moved item to board Under review

    2 years ago
  • Dennis moved item to project Site Level Requests

    2 years ago
  • Jürgen opened

    2 years ago