[GH-ISSUE #8] certbot renew --dry-run fails #2

Closed
opened 2026-03-13 16:23:19 +03:00 by kerem · 2 comments
Owner

Originally created by @jcoker85 on GitHub (Mar 30, 2021).
Original GitHub issue: https://github.com/acme-dns/acme-dns-client/issues/8

After performing the steps on the readme, and running

`acme-dns-client check -d DOMAIN`

I get the following output

```
Checking acme-dns configuration for domain DOMAIN
 [*] Registered acme-dns account found!
 [*] CNAME record found and set up correctly!
 [*] CAA record found!
 [*] CAA AccountURI found!
```

I attempted to do a dry run of the renewal using

`certbot renew --dry-run`

But always receive the message

```
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: DOMAIN
   Type:   None
   Detail: CAA record for DOMAIN prevents issuance
```

My CAA record is as follows:

```
DOMAIN  CAA  0 issue "letsencrypt.org; validationmethods=dns-01; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/ACCT_NUM"
```

Am I missing a step in the renewal process?

kerem closed this issue and added the `question` label (2026-03-13 16:23:19 +03:00).

@joohoi commented on GitHub (Apr 3, 2021):

Hi, there are multiple things that can be at play here, but I would assume that a certificate for `DOMAIN` was initially using some other validation method (http-01 most likely). `certbot renew`, even with `--dry-run`, will just reuse the initial certbot configuration and try to renew the certificate using it.

Now you have added a `CAA` record that only allows DNS validation, which causes the renewal to fail.


@jcoker85 commented on GitHub (Apr 9, 2021):

Hi @joohoi,

Thanks so much for your response, and apologies for the delay in mine.

I did get this working by performing:

`sudo apt purge certbot` followed by `sudo apt autoremove` (not sure second step is entirely necessary)

and rerunning all of the steps listed in the README. So, it looks like your assumption was correct that old Certbot configuration was causing some confusion during the renewal process.

Thanks again!
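The mismatch diagnosed in this thread can be checked before renewing. The sketch below is an added example, not part of the original issue and not code from acme-dns-client or certbot: it compares the challenge type a saved certbot renewal configuration implies against the `validationmethods` and `accounturi` parameters of the CAA record. The sample renewal files are constructed, and the plugin-to-challenge mapping, the `http-01` fallback for `manual` and the helper names are assumptions.

```python
import configparser

# Constructed samples: the CAA value quoted in the issue and two renewal .conf files.
CAA = ("letsencrypt.org; validationmethods=dns-01; "
       "accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/ACCT_NUM")
OLD_CONF = "version = 1.12.0\n[renewalparams]\nauthenticator = webroot\n"
NEW_CONF = ("version = 1.12.0\n[renewalparams]\nauthenticator = manual\n"
            "pref_challs = dns-01,\nmanual_auth_hook = acme-dns-client\n")

# Assumption: challenge type implied by common certbot authenticator plugins.
HTTP_PLUGINS = {"webroot", "standalone", "nginx", "apache"}

def parse_caa_issue(value):
    """Split a CAA issue value into (issuer domain, {parameter: value})."""
    issuer, *params = [p.strip() for p in value.split(";")]
    return issuer, dict(p.split("=", 1) for p in params if "=" in p)

def saved_challenge(renewal_conf):
    """Infer which ACME challenge `certbot renew` will reuse from a renewal .conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string("[top]\n" + renewal_conf)  # top-level keys precede any section
    rp = cp["renewalparams"]
    auth = rp.get("authenticator", "")
    if auth in HTTP_PLUGINS:
        return "http-01"
    if auth.startswith("dns-"):
        return "dns-01"
    # manual authenticator: the saved preferred challenge decides (e.g. "dns-01,")
    prefs = [c.strip() for c in rp.get("pref_challs", "").split(",") if c.strip()]
    return prefs[0] if prefs else "http-01"  # assumed fallback

def caa_permits(caa_value, issuer, challenge, account_uri=None):
    """True if the record names this issuer and every parameter it carries
    matches. The accounturi comparison is skipped when account_uri is None."""
    dom, params = parse_caa_issue(caa_value)
    if dom != issuer:
        return False
    methods = params.get("validationmethods")
    if methods is not None and challenge not in methods.split(","):
        return False
    want = params.get("accounturi")
    return want is None or account_uri is None or want == account_uri

if __name__ == "__main__":
    for name, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        chall = saved_challenge(conf)
        print(name, chall, caa_permits(CAA, "letsencrypt.org", chall))
```
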
