Problem
I have a Starter cluster and customized my domain name, but the cluster is still in the “Starting..” state.
Solution
Verify if your DNS is using CAA restrictions. Use the command:
dig <domain>. CAA
where the
<domain>
is your domain.Ideally, the output should not contain any CAA entry. This would indicate there is no restriction.
If the result contains restrictions like the following, it indicates that it will only respond to certain account – 122345678:
dig mydomain.io. CAA [...snip...] ;mydomain.io. IN CAA ;; ANSWER SECTION: mywhere.io. 300 IN CAA 0 issue "letsencrypt.org;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/12345678" [.../snip...]
Update your CAA entry. Specifically, it should not be limited to a single account but rather should allow certificates to be issued by Let's Encrypt regardless of the account used. When you verify it for CAA, it should either not return any entry or return the following:
<domain>. 300 IN CAA 0 issue "letsencrypt.org"
It also takes some time for the DNS entry to get propagated, even if it has a ttl. E.g. on using a windows based DNS server, it could take up to 1 day to get a fresh entry