Knowledge Base

Unable to renew/issue Let’s Encrypt certificate: CAA record for example.com prevents issuance

Symptoms

Unable to renew/issue Let's Encrypt certificate:

CAA record for example.com prevents issuance
Checking CAA record for example.com returns the following:

# dig caa example.com +short
0 issue "example.com"

Cause

DNS record for certification authority does not allow to issue Let's Encrypt certificate.

Resolution

Log into Plesk.
Open Domains > example.com > DNS Settings > select CAA record and delete it using Remove button.
Press Update to save changes:

Related Posts

DNS_PROBE_FINISHED_NXDOMAIN: What Is It And How To Fix The Problem

Setting up Your Ideal Web Development Environment With Plesk Essentials

How to configure external DNS with DigitalOcean DNS extension on Plesk

Knowledge Base

How to add a CAA DNS record on a domain in Plesk?

Unable to issue a Let’s Encrypt certificate for domain with forwarding hosting type when nginx is not installed and/or disabled on the Plesk server

Let’s Encrypt certificate installation/renewal fails for a domain in Plesk: Incorrect TXT record found at _acme-challenge.example.com

New Public IP address in Plesk is not updated on DNS zones on slave DNS server(s)

Hosting Wiki