0

CAA Error

I am getting the error "Domain is rejected due to CAA forbids issuance" from "/acme/new-order".

On my first try, i indeed had a wrong caa record. I did multiple tries after that with both, or one of the entries below. Before doing a retry, i waited at least double the ttl:

domain.example.               900     IN      CAA     0 issue "buypass.com"
domain.example.               900     IN      CAA     0 issue "buypass.no"

Also, i did retries over multiple days. Are the caa records maybe cached for a long time or can this error also have a different cause?

(I also always verified that the caa entries are indeed there by using dig locally and by using online verification tools)

The account is registered on the buypass test ca.

1 reply

null
    • QA
    • mkon
    • 1 mth ago
    • Reported - view

    Hi. The caa setup looks correct, but hard to check without the domain/tld. Most likely we can`t verify this fully, and stop the verification process of the domain.

Login to reply

Content aside

  • 1 mth agoLast active
  • 1Replies
  • 83Views
  • 2 Following