Failed to sign the SSL certification for my domain

My YunoHost server

Hardware: VPS bought online / AWS Lightsail / 1GB ram + 1v CPU
YunoHost version: (stable)
I have access to my server : through the webadmin | direct access via keyboard
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

I tried to sign the SSL certification for my domain(, but it failed, I want to know how to fix it.

Here is the link of the full log:


The error is:

'detail': 'CAA record for domain2.tld prevents issuance'

Do you have more info on what’s the value for the CAA record for that domain ?

Many Thanks for your reminding! I delete the CAA record of the domain and the problem solved. But I still want to know that, does the CAA record be a required field for my domain? What will be the problem if I delete that record? Dose the value of CAA 「128 issue “”」a right record? Thanks!:grinning:

The CAA is not really recommended, it’s merely a “security bonus”

What it does is that it prevents any other certification authority to emit a certificate for your domain … which covers some (in my opinion) elaborated threat model …

You can have a perfectly fine running server without a CAA record

Got it. Thank you!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.