Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Problem

I have a Starter cluster and customized my domain name, but the cluster is still in the “Starting..” state.

Solution

  1. Verify if your DNS is using CAA restrictions. Use the command:

    dig  <domain>. CAA

    where the <domain> is your domain.

  2. Ideally, the output should not contain any CAA entry. This would indicate there is no restriction.

  3. If the result contains restrictions like the following, it indicates that it will only respond to certain account – 122345678:

    dig  mydomain.io. CAA
    
    [...snip...]
    ;mydomain.io.			IN	CAA
    
    ;; ANSWER SECTION:
    mywhere.io.		300	IN	CAA	0 issue "letsencrypt.org;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/12345678"
    [.../snip...]
  4. Update your CAA entry. Specifically, it should not be limited to a single account but rather should allow certificates to be issued by Let's Encrypt regardless of the account used. When you verify it for CAA, it should either not return any entry or return the following:

    <domain>.		300	IN	CAA	0 issue "letsencrypt.org"

It also takes some time for the DNS entry to get propagated, even if it has a ttl. E.g. on using a windows based DNS server, it could take up to 1 day to get a fresh entry

  • No labels