Cert request fails with 'CAA record disallows issuance'
A CAA record limits which CAs may issue certs for your domain.
Try this first
- 1Check current CAA with dig CAA yourdomain.nl
- 2If your CA isn't listed, add it (CAA 0 issue 'letsencrypt.org')
- 3For wildcards use a separate issuewild
- 4Wait TTL and retry the cert request
When to bring us in
If CAA was unexpected, possibly legacy from a former vendor, audit all records.
See also
- Domain expires tomorrow and nobody saw the emailAn expired domain doesn't transfer instantly. There's a redemption window, but you pay extra.
- Unsure whether to enable auto-renewDisabling auto-renew only makes sense for domains you'll truly drop. For anything live, just keep it on.
- New registrar asks for auth code, can't find itEPP code or transfer code is the password to move a domain from registrar A to B.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.