LetEncrypt query timed out looking up CAA. Work-a-round

Written by James McDonald

April 27, 2017

Annoying problem with LetsEncrypt when running
./certbot-auto renew

 - The following errors were reported by the server:

   Domain: test.example.com.au
   Type:   connection
   Detail: DNS problem: query timed out looking up CAA for

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.


For some reason if you try and renew a cert with two domains in it you get the annoying error above. So try this:

./certbot-auto certonly --webroot -w /var/www/test/ -d test.example.com.au


Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Network speed test host to host

On Ubuntu / Debian apt-get install iperf3 On Windows download it from https://iperf.fr/iperf-download.php#windows Make...

Clear HSTS Settings in CHrome

Open chrome://net-internals/#hsts enter the domain in the query field and click Query to confirm it has HSTS settings...