I have a public hosted zone at AWS Route 53. Just for simplicity, let's call the domain "foo.com", which I bought a certificate for from Comodo.
I have a CNAME type record for the subdomain "bar.foo.com". In order to renew the Let's Encrypt certificate for the "bar.foo.com" subdomain, I need to add a CAA record.
I'm getting the following error message if I try to add the CAA record for the subdomain:
Name: bar.foo.com | Type: CAA | Value: 0 issue "letsencrypt.org"
Error message:
RRSet of type CAA with DNS name bar.foo.com. is not permitted because a conflicting RRSet of type CNAME with the same DNS name already exists in zone foo.com.
Here is a screenshot from the AWS console:
Click on Services menu on the top screen, and click on Route 53 to select the option. You will see your hosted zone information. In this example: entrustzonelab.com. Click on the domain to go to record set information.
Yes. To make it even easier for you to configure DNS settings for your domain, Amazon Route 53 supports wildcard entries for all record types, except NS records. A wildcard entry is a record in a DNS zone that will match requests for any domain name based on the configuration you set.
I got it working! I entered a second line in the CAA record of "foo.com":
0 issue "letsencrypt.org"
I'm not sure if that is the right thing to do, but it works.
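Why the entry on the parent name takes effect, as an added example that is not part of the original post: a CA evaluating CAA for "bar.foo.com" follows the RFC 8659 search, which climbs from the requested name toward the root and uses the first non-empty CAA RRset it finds. The zone data below is constructed; the CNAME target "target.example.net" and the first CAA line "comodoca.com" are assumptions, and the function names are hypothetical.

```python
# Constructed zone data. The CNAME target and the first CAA line are assumptions;
# only the letsencrypt.org line comes from the post.
ZONE = {
    ("foo.com.", "CAA"): ['0 issue "comodoca.com"', '0 issue "letsencrypt.org"'],
    ("bar.foo.com.", "CNAME"): ["target.example.net."],
}


def resolve_caa(name, zone, max_hops=8):
    """CAA RRset seen when querying `name`, following CNAMEs like a resolver."""
    for _ in range(max_hops):
        if (name, "CAA") in zone:
            return zone[(name, "CAA")]
        cname = zone.get((name, "CNAME"))
        if not cname:
            return []
        name = cname[0]
    return []  # CNAME chain too long or looping


def relevant_caa(fqdn, zone):
    """RFC 8659 search: climb toward the root, first non-empty RRset wins."""
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        rrset = resolve_caa(candidate, zone)
        if rrset:
            return candidate, rrset
    return None, []


def may_issue(fqdn, ca_domain, zone):
    """True if `ca_domain` may issue a non-wildcard certificate for `fqdn`."""
    _, rrset = relevant_caa(fqdn, zone)
    issuers = []
    for record in rrset:
        _flags, tag, value = record.split(None, 2)
        if tag.lower() == "issue":
            issuers.append(value.strip('"').split(";")[0].strip().lower())
    # No CAA at all, or no "issue" property: issuance is unrestricted.
    return not issuers or ca_domain.lower() in issuers
```

Because the RRset at "foo.com" covers every name beneath it that has no CAA of its own, the added line authorizes Let's Encrypt for the whole domain, not only for "bar.foo.com".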