My small (virtual) server needs a new certificate. Until now, certbot has normally done this automatically.
certbot renew --dry-run returns:
Code:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/NAME.unitymedia.biz.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for NAME.unitymedia.biz
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (NAME.unitymedia.biz) from /etc/letsencrypt/renewal/NAME.unitymedia.biz.conf produced an unexpected error: Failed authorization procedure. NAME.unitymedia.biz (tls-sni-01): urn:ietf:params:acme:error:caa :: CAA record for NAME.unitymedia.biz prevents issuance. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/NAME.unitymedia.biz/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/NAME.unitymedia.biz/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: NAME.unitymedia.biz
Type: None
Detail: CAA record for NAME.unitymedia.biz prevents
issuance
When I test my domain name with
https://www.ssllabs.com/ssltest/ I get the following result:
DNS CAA Yes
policy host: unitymedia.biz
issuewild: ; flags:0
iodef: mailto
ki@libertyglobal.com flags:0
issue: globalsign.com flags:0
So in principle the CAA record should be present, right?
Does anyone have a tip for me about what and where the problem is, and how I can renew my certificate?
I use CentOS as the OS; the firewall is ipcop.
Thanks in advance for the help
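
Added example, not part of the original post: a sketch of how a CA evaluates CAA records (RFC 8659 tree climbing and issue/issuewild matching), run against constructed data that mirrors the SSL Labs output above. The function names, the zone dictionary and the iodef address are assumptions for illustration; `letsencrypt.org` is the issuer domain Let's Encrypt checks for.

```python
# Constructed CAA data mirroring the SSL Labs result quoted in the post.
# No DNS is queried; the iodef address is a placeholder, not the page's value.
CAA_ZONE = {
    "unitymedia.biz": [
        (0, "issue", "globalsign.com"),
        (0, "issuewild", ";"),
        (0, "iodef", "mailto:placeholder@example.invalid"),
    ],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_rrset(fqdn, zone):
    """Climb from fqdn towards the root; return the first non-empty CAA RRset."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []


def may_issue(fqdn, ca_domain, zone, wildcard=False):
    """Return (allowed, policy_host) for a CA identified by ca_domain."""
    policy_host, rrset = relevant_rrset(fqdn, zone)
    if not rrset:
        return True, None  # no CAA anywhere on the path: no restriction
    # An unrecognised tag with the critical bit (0x80) set forbids issuance.
    if any(flags & 0x80 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False, policy_host
    issue = [v for _, tag, v in rrset if tag.lower() == "issue"]
    issuewild = [v for _, tag, v in rrset if tag.lower() == "issuewild"]
    # issuewild, when present, replaces issue for wildcard names only.
    props = issuewild if (wildcard and issuewild) else issue
    if not props:
        return True, policy_host  # e.g. an RRset holding only iodef
    # The issuer domain is the value up to the first ';' (parameters follow it).
    allowed = {v.split(";", 1)[0].strip().lower() for v in props}
    return ca_domain.lower() in allowed, policy_host


if __name__ == "__main__":
    for ca in ("letsencrypt.org", "globalsign.com"):
        print(ca, may_issue("NAME.unitymedia.biz", ca, CAA_ZONE))
```

A CAA RRset published at NAME.unitymedia.biz itself would be found first and would replace the parent's policy for that name.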