menu

ZEIT

Our mission is to make cloud computing as easy and accessible as mobile computing. You can find our Next.js community here.

Channels
Team

Generating certificate error 409 (Conflict?)

February 24, 2020 at 5:17pm
The ZEIT community has a new home. This thread is preserved for historical purposes. The content of this conversation may be innaccurrate or out of date. Go to new community home →

Generating certificate error 409 (Conflict?)

February 24, 2020 at 5:17pm
Does anybody have an idea what is going on here and why I cannot assign an alias for a new domain?
➜ binaaz-react git:(pre) now alias https://binaaz-3e8e8a246.binaaz.qa/ ru.pre2.binaaz.qa Now CLI 17.0.4
Assigning alias ru.pre2.binaaz.qa to deployment binaaz-3e8e8a246.binaaz.qa ⠧ Generating a certificate...Error! An unexpected error occurred in alias: Error: Response Error (409) at Object.responseError [as default] (/usr/local/lib/node_modules/now/dist/index.js:2:2234661) at processTicksAndRejections (internal/process/task_queues.js:97:5) at /usr/local/lib/node_modules/now/dist/index.js:2:1838521 at i.default.retries (/usr/local/lib/node_modules/now/dist/index.js:2:3892136) at Object.createCertForCns [as default] (/usr/local/lib/node_modules/now/dist/index.js:2:2067591) at Object.createCertificateForAlias [as default] (/usr/local/lib/node_modules/now/dist/index.js:2:2475213) at Object.createAlias [as default] (/usr/local/lib/node_modules/now/dist/index.js:2:3969445) at Object.assignAlias [as default] (/usr/local/lib/node_modules/now/dist/index.js:2:4230359) at set (/usr/local/lib/node_modules/now/dist/index.js:2:4003413) at Se (/usr/local/lib/node_modules/now/dist/index.js:2:1728252)

February 24, 2020 at 5:19pm
Check the CAA records of the domain.
  • reply
  • like
Screenshot is better than a text above :)
  • reply
  • like
, domain is managed by zeit. Where can I check about CAA?
  • reply
  • like
  • reply
  • like
;; ANSWER SECTION:
binaaz.qa. 60 IN CAA 0 issue "letsencrypt.org"
  • reply
  • like
Okay, I have checked and it seems good
  • reply
  • like
do we need "issuewild"?
  • reply
  • like
Is this something you changed recently?
  • reply
  • like
Okay, I have added records:
➜ binaaz-react git:(pre) dig binaaz.qa CAA +short
0 issue "letsencrypt.org"
0 issuewild "letsencrypt.org"
  • reply
  • like
Still failing on generating certificate
  • reply
  • like
This may be related. As child domains inherit CAA configuration, it seems that "zeit.co" related CAA configuration is used:
➜ binaaz-react git:(pre) dig pre.binaaz.qa CAA
; <<>> DiG 9.10.6 <<>> pre.binaaz.qa CAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52541
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;pre.binaaz.qa. IN CAA
;; ANSWER SECTION:
pre.binaaz.qa. 26 IN CNAME alias.zeit.co.
alias.zeit.co. 1766 IN CAA 0 issue "letsencrypt.org"
;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Feb 24 19:45:24 EET 2020
;; MSG SIZE rcvd: 103
Edited
  • reply
  • like
As per letsencrypt, they say that 409 response means "Account already exists". Is there anything I can do to make it work again?
  • reply
  • like
Tried as well:
➜ binaaz-react git:(pre) now certs issue '*.pre.binaaz.qa' 'pre.binaaz.qa'
Now CLI 17.0.4
Error! An unexpected error occurred in certs: Error: Response Error (409)
at Object.responseError [as default] (/usr/local/lib/node_modules/now/dist/index.js:2:2234661)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
at /usr/local/lib/node_modules/now/dist/index.js:2:1838521
at i.default.retries (/usr/local/lib/node_modules/now/dist/index.js:2:3892136)
at Object.createCertForCns [as default] (/usr/local/lib/node_modules/now/dist/index.js:2:2067591)
at Object.issue [as default] (/usr/local/lib/node_modules/now/dist/index.js:2:2448729)
at Se (/usr/local/lib/node_modules/now/dist/index.js:2:1728252)
➜ binaaz-react git:(pre) now certs issue 'pre.binaaz.qa'
Now CLI 17.0.4
Error! An unexpected error occurred in certs: Error: Response Error (409)
at Object.responseError [as default] (/usr/local/lib/node_modules/now/dist/index.js:2:2234661)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
at /usr/local/lib/node_modules/now/dist/index.js:2:1838521
at i.default.retries (/usr/local/lib/node_modules/now/dist/index.js:2:3892136)
at Object.createCertForCns [as default] (/usr/local/lib/node_modules/now/dist/index.js:2:2067591)
at Object.issue [as default] (/usr/local/lib/node_modules/now/dist/index.js:2:2448729)
at Se (/usr/local/lib/node_modules/now/dist/index.js:2:1728252)
  • reply
  • like
, domain is managed by zeit. Where can I check about CAA?
now dns ls should give you that information. 409 = there is a CAA record somewhere that LE is unable to process.
Edited
  • reply
  • like
, I have never changed anything re CAA or DNS records for that domain.
  • reply
  • like