Running AutoSSL results in: CA forbidden: domain.tld

Symptoms

When running AutoSSL, you receive an error similar to the following when the domain has a CAA record.

CA forbidden: "domain.tld"

Description

The error occurs when the domain's CAA record doesn't authorize Let's Encrypt to issue certificates for the domain.

Workaround

The CAA record must be removed or updated to allow Let's Encrypt to issue certificates for the domain. The CAA record should look similar to the record below.

domain.tld. IN CAA 0 issue "letsencrypt.org"

Please note that "exampledomain.tld" must be replaced with the appropriate domain name.