\uD83E\uDD14 ProblemProblem
I have a Starter cluster and customized my domain name, but the cluster is still in the “Starting..” state.
\uD83C\uDF31 SolutionSolution
Verify if your DNS is using CAA restrictions. Use the command:
Code Block language bash dig <domain>. CAA
where the
<domain>is your domain.Ideally, the output should not contain any CAA entry. This would indicate there is no restriction.
If the result contains restrictions like the following, it indicates that it will only respond to certain account – 122345678:
Code Block dig mydomain.io. CAA [...snip...] ;mydomain.io. IN CAA ;; ANSWER SECTION: mywhere.io. 300 IN CAA 0 issue "letsencrypt.org;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/12345678" [.../snip...]
Update your CAA entry. Specifically, it should not be limited to a single account but rather should allow certificates to be issued by Let's Encrypt regardless of the account used. When you verify it for CAA, it should either not return any entry or return the following:
Code Block <domain>. 300 IN CAA 0 issue "letsencrypt.org"
| Info |
|---|
It also takes some time for the DNS entry to get propagated, even if it has a ttl. E.g. on using a windows based DNS server, it could take up to 1 day to get a fresh entry |
\uD83D\uDCCE Related Related articles
| Filter by label (Content by label) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|