
Can't create CAA record for subdomain on AWS Route 53

I have a public hosted zone at AWS Route 53. For simplicity, let's call the domain "foo.com", for which I bought a certificate from Comodo.

I have a CNAME type record for the subdomain "bar.foo.com". In order to renew the Let's Encrypt certificate for the "bar.foo.com" subdomain, I need to add a CAA record.

I'm getting the following error message if I try to add the CAA record for the subdomain.

Name: bar.foo.com | Type: CAA | Value: 0 issue "letsencrypt.org"

Error message:

RRSet of type CAA with DNS name bar.foo.com. is not permitted because a conflicting RRSet of type CNAME with the same DNS name already exists in zone foo.com.

asked Jul 16 '18 05:07

stevo



1 Answer

I got it working! I entered a second line in the CAA record of "foo.com":

0 issue "letsencrypt.org"

I'm not sure if that is the right thing to do but it works.

answered Oct 19 '22 14:10

stevo
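
Why the parent-zone entry takes effect, as an added example that is not part of the original question or answer: a CNAME cannot share its name with any other record type (the rule behind the Route 53 error), and RFC 8659 has the CA climb from the requested name toward the root until it finds a CAA RRset. The zone contents below are constructed; the CNAME target `lb.example.net.`, the `comodoca.com` line and all function names are assumptions for illustration.

```python
import shlex

# Constructed zone data for illustration. "lb.example.net." and the
# "comodoca.com" line are assumptions; the post does not show them.
BEFORE = {
    "foo.com.": {"CAA": ['0 issue "comodoca.com"']},
    "bar.foo.com.": {"CNAME": ["lb.example.net."]},
    "lb.example.net.": {"A": ["192.0.2.10"]},
}
# The fix from the answer: a second value in the CAA RRset of the apex.
AFTER = {**BEFORE, "foo.com.": {"CAA": ['0 issue "comodoca.com"',
                                        '0 issue "letsencrypt.org"']}}

def can_add_record(zone, name, rtype):
    """A CNAME may not share its owner name with any other record type."""
    existing = set(zone.get(name, {}))
    if rtype == "CNAME":
        return not (existing - {"CNAME"})
    return "CNAME" not in existing

def query_caa(zone, name, max_hops=8):
    """Resolve a CAA query as a resolver would, following CNAMEs first."""
    for _ in range(max_hops):
        rrsets = zone.get(name, {})
        if "CNAME" not in rrsets:
            return rrsets.get("CAA", [])
        name = rrsets["CNAME"][0]
    return []

def relevant_caa(zone, fqdn):
    """RFC 8659: climb from fqdn toward the root; first non-empty RRset wins."""
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:]) + "."
        rrset = query_caa(zone, name)
        if rrset:
            return name, rrset
    return None, []

def may_issue(zone, fqdn, ca_domain):
    """True if ca_domain may issue a non-wildcard certificate for fqdn."""
    _, rrset = relevant_caa(zone, fqdn)
    issuers = []
    for value in rrset:
        _flags, tag, data = shlex.split(value)
        if tag.lower() == "issue":
            issuers.append(data.split(";")[0].strip().lower())
    # No issue property anywhere up the tree means CAA does not restrict issuance.
    return not issuers or ca_domain.lower() in issuers
```

The apex RRset found this way governs every name under foo.com that has no CAA RRset of its own, so the added `issue` value authorizes Let's Encrypt for all of those names, not only bar.foo.com.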