But not when you issued via dietpi-letsencrypt
(= webroot authentication) before, is it? Ah, or you mean that was in the letsencrypt.log
(only)? When debugging such issues, I at least regularly thought that Certbot has wrong priorities about which logs to show on console and which to bury in the log file .
Sorry for the confusion. The only time I saw the CAA error from certbot was when using manual mode to specify the DNS challenge. The error message was in the console. Deleting that flag in the No-IP DNS record fixed that issue and then the manual mode worked.
I did a quick search in the letsencrypt.log yesterday and didn’t see any such CAA error messages.
Probably it only checks for CAA records when checking DNS records anyway for authentication, but not when using other authentication methods. Would be something to suggest to Certbot devs. As the hostname needs to be given in any case, why not always check CAA.
well done … i had same problem… this worked for me