search

denoland / deploy_feedback

For reporting issues with Deno Deploy
https://deno.com/deploy
74 stars 5 forks source link

[Bug]: Custom domains `Get automatic certificates` fails with `Failed to provision a TLS certificate: challenge is not valid.` #670

Closed morgothulhu closed 5 months ago

morgothulhu commented 5 months ago

Problem description

anybody getting some issues with custom domains Get automatic certificates functionality?

Keep on getting Failed to provision a TLS certificate: challenge is not valid.

nslookup -q=cname _acme-challenge.{domain} 1.0.0.1 and nslookup -q=txt _acme-challenge.{domain} 1.0.0.1 are both returning the expected a6010e7e9bb940f8db763402._acme.deno.dev.

Steps to reproduce

  1. set up a new custom domain
  2. Get automatic certificates

Expected behavior

Getting automatic certs

Environment

No response

Possible solution

No response

Additional context

No response

magurotuna commented 5 months ago

Hi @morgothulhu, according to the internal logs, it looks like your domain has a CAA record set up which contains accounturi parameter whose value does not match the ACME account ID that we are using (it does include letsencrypt.org which is fine though). This prevents the automatic certificate provisioning process from proceeding. Could you remove accounturi paramter and retry the same process again?

morgothulhu commented 5 months ago

thanks @magurotuna. It worked! resolving!