Problem description
# certbot certonly -a certbot-dns-aliyun:dns-aliyun --certbot-dns-aliyun:dns-aliyun-credentials /etc/letsencrypt/dns-aliyun-credentials.ini -d harboar.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator certbot-dns-aliyun:dns-aliyun, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for harboar.example.com
Waiting 30 seconds for DNS changes to propagate
Waiting for verification...
Challenge failed for domain harboar.example.com
dns-01 challenge for harboar.example.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: harboar.example.com
   Type: dns
   Detail: DNS problem: SERVFAIL looking up CAA for harboar.example.com - the domain's nameservers may be malfunctioning
Solution
Add a CAA record for this domain at your DNS hosting provider:
Host record: <<the corresponding domain>>
Record type: CAA
Record value: 0 issue "letsencrypt.org"
Then save the record, wait for it to take effect, and re-run the certificate request command.
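Why the fix works, as an added example that is not part of the original note: a simplified Python model of the CAA check a CA performs before issuing (RFC 8659 tree climbing for non-wildcard names, without CNAME handling or critical-flag processing). The `lookup` hook, the `resolver` helper and the zone dictionaries are constructed for illustration; a SERVFAIL answer blocks issuance, while an empty answer or a matching issue record allows it.

```python
import re

SERVFAIL = object()  # sentinel: the nameserver failed to answer the CAA query

# flags, tag, then a value in straight double quotes
CAA_RE = re.compile(r'^(\d{1,3})\s+([A-Za-z0-9]+)\s+"([^"]*)"$')

def parse_caa(text):
    """Parse CAA rdata such as '0 issue "letsencrypt.org"'."""
    m = CAA_RE.match(text.strip())
    if not m:  # e.g. typographic quotes pasted from a web page
        raise ValueError(f"malformed CAA value: {text!r}")
    issuer = m.group(3).split(";")[0].strip().lower()  # drop ;parameters
    return int(m.group(1)), m.group(2).lower(), issuer

def can_issue(fqdn, ca_domain, lookup):
    """Decide whether ca_domain may issue for a non-wildcard fqdn.

    lookup(name) is a hypothetical resolver hook that returns SERVFAIL,
    [] when there are no CAA records, or a list of CAA rdata strings.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):  # climb: a.b.c -> b.c -> c
        name = ".".join(labels[i:])
        answer = lookup(name)
        if answer is SERVFAIL:
            return False, f"SERVFAIL looking up CAA for {name}"
        if not answer:
            continue  # no CAA here: ask the parent
        issuers = [v for _, tag, v in map(parse_caa, answer) if tag == "issue"]
        if not issuers:
            return True, f"CAA at {name} has no issue tag"
        if ca_domain.lower() in issuers:
            return True, f"CAA at {name} authorizes {ca_domain}"
        return False, f"CAA at {name} does not authorize {ca_domain}"
    return True, "no CAA records found"

def resolver(zone):
    """Build a lookup hook from a dict of constructed answers."""
    return lambda name: zone.get(name, [])

# Constructed zone states for the hostname in the output above.
BROKEN = {"harboar.example.com": SERVFAIL}
FIXED = {"harboar.example.com": ['0 issue "letsencrypt.org"']}

if __name__ == "__main__":
    for label, zone in (("before", BROKEN), ("after", FIXED)):
        print(label, can_issue("harboar.example.com", "letsencrypt.org", resolver(zone)))
```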