We had an SSL cert expire today for an app.
The app name starts with divine-feather-* but it did not automatically renew.
The app was for a subdomain but I had it configured with an A record without the CNAME _acme_verification.domain record. Would that have prevented a successful renewal?
I have added the CNAME records now.
There are 2 ways we’ll successfully be able to create or renew a certificate:
- CNAME for _acme-challenge.your.hostname → something.something.flydns.net
- AAAA with your IPv6 allocation
Can you send me the hostname in question via private message? I can take a look at what happened / is happening.
I found the hostname I think you’re talking about, and it looks like it has a certificate now. It also looks like it has both a CNAME entry and A/AAAA records. That probably won’t hurt anything but if you have an AAAA record, you don’t need the CNAME.