Thanks for the detailed description.
You might find this article https://aws.amazon.com/premiumsupport/knowledge-center/acm-troubleshoot-caa-errors/ helpful, as it explains how ACM checks CAA records following a CNAME record.
To move forward, either:
- Include Amazon CA in the CAA records in the domain domain.com and clear up all CAA records in the sub-domain
- or include Amazon CA in the sub-domain (should be possible, not sure why it's returning an error)
- or remove all CAA records
If the issue persists, please feel free to provide additional information for further discussions. Thank you.
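Added example, not part of the answer above and not ACM's own code: a simplified Python model of the CAA lookup (climb from the name toward the root, following CNAME aliases) that shows why a sub-domain CAA record set can block Amazon even when the parent permits it. The zone data, the hostnames under `domain.com` and the function names are constructed for illustration; the Amazon CA values are the ones AWS documents for ACM.

```python
# Added example: simplified CAA lookup model (parent climb + CNAME resolution).
AMAZON_CAS = {"amazon.com", "amazontrust.com", "awstrust.com", "amazonaws.com"}

# Constructed sample zone data, not taken from the question.
ZONE = {
    "domain.com": {"CAA": [("issue", "amazon.com"), ("issue", "letsencrypt.org")]},
    "app.domain.com": {"CAA": [("issue", "letsencrypt.org")]},
    "cdn.domain.com": {"CNAME": "edge.example.net"},
    "edge.example.net": {"CAA": [("issue", "digicert.com")]},
}

def relevant_caa(name, zone, max_hops=8):
    """Climb from name toward the root; return (owner, rrset) of the first CAA RRset."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner, hops = ".".join(labels[i:]), 0
        # A resolver answers a CAA query for an alias with the target's records.
        while "CNAME" in zone.get(owner, {}) and hops < max_hops:
            owner, hops = zone[owner]["CNAME"].rstrip(".").lower(), hops + 1
        rrset = zone.get(owner, {}).get("CAA")
        if rrset:
            return owner, rrset
    return None, []

def amazon_may_issue(name, zone, wildcard=False):
    """Return (allowed, reason) for an Amazon-issued certificate covering name."""
    owner, rrset = relevant_caa(name, zone)
    if not rrset:
        return True, "no CAA records on the path: unrestricted"
    props = [(t.lower(), v.split(";")[0].strip().lower()) for t, v in rrset]
    tag = "issuewild" if wildcard and any(t == "issuewild" for t, _ in props) else "issue"
    allowed = [v for t, v in props if t == tag]
    if not allowed:
        return True, f"CAA at {owner} has no {tag} property: unrestricted"
    return any(v in AMAZON_CAS for v in allowed), f"{tag} at {owner}: {allowed}"

if __name__ == "__main__":
    for host in ("www.domain.com", "app.domain.com", "cdn.domain.com"):
        print(host, amazon_may_issue(host, ZONE))
```

The first CAA record set found on the path is the only one evaluated, which is why each of the three options in the answer clears the block for `app.domain.com` in this model.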