0

I am encountering an error when attempting to activate an SSL certificate for my domain artnbud.com on my VPS. Despite following the necessary steps, I am unable to activate the SSL certificate successfully. Here is the nginx file configuration:

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        #server_name artnbud.com www.artnbud.com;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;


        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        #server_name _;
        server_name artnbud.com www.artnbud.com;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#

Error:

#sudo certbot --nginx -d artnbud.com 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for artnbud.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: artnbud.com
  Type:   caa
  Detail: CAA record for artnbud.com prevents issuance

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

1 Answer

2

Detail: CAA record for artnbud.com prevents issuance

The DNS setup of the domain restricts which CAs are allowed to issue certificates for this domain. LetsEncrypt is not one of these:

$ dig caa artnbud.com
...
;; ANSWER SECTION:
artnbud.com.            14400   IN      CAA     0 issuewild "globalsign.com"
artnbud.com.            14400   IN      CAA     0 issue "sectigo.com"
artnbud.com.            14400   IN      CAA     0 issue "comodoca.com"
artnbud.com.            14400   IN      CAA     0 issue "globalsign.com"
artnbud.com.            14400   IN      CAA     0 issue "digicert.com"

It is not clear who has set up the domain this way, but in order to get a certificate from LetsEncrypt there must be a record like CAA 0 issue "letsencrypt.org". For more see the respective documentation at LetsEncrypt.

2
  • Thanks for your response. Could you share what I need to do for CAA with Let's Encrypt? @Steffen Ullrich Commented May 11 at 10:24
  • It works after adding the CAA info to Let's Encrypt. Thank you for the great support. Commented May 11 at 10:32
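
As an added example (not part of the original answer and not certbot's own code), the following Python applies the RFC 8659 evaluation rules to the record set quoted from `dig` above, showing why Let's Encrypt was refused and what changes once an `issue "letsencrypt.org"` record exists. The names `DIG_ANSWER`, `parse_caa`, `issuer_domain` and `may_issue` are illustrative, and the code assumes the records passed in are already the relevant CAA set for the name (it does not walk up the DNS tree).

```python
import re

# Constructed sample: the ANSWER SECTION lines quoted in the answer above.
DIG_ANSWER = '''\
artnbud.com.            14400   IN      CAA     0 issuewild "globalsign.com"
artnbud.com.            14400   IN      CAA     0 issue "sectigo.com"
artnbud.com.            14400   IN      CAA     0 issue "comodoca.com"
artnbud.com.            14400   IN      CAA     0 issue "globalsign.com"
artnbud.com.            14400   IN      CAA     0 issue "digicert.com"
'''

CAA_LINE = re.compile(r'^\S+\s+\d+\s+IN\s+CAA\s+(\d+)\s+(\S+)\s+"([^"]*)"\s*$')
KNOWN_TAGS = {"issue", "issuewild", "iodef"}  # tags this example understands


def parse_caa(text):
    """Return (flags, tag, value) tuples for every CAA line in dig output."""
    records = []
    for line in text.splitlines():
        m = CAA_LINE.match(line.strip())
        if m:
            records.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return records


def issuer_domain(value):
    """Drop optional ';'-separated parameters and keep the issuer domain."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(records, ca, wildcard=False):
    """True if `ca` may issue for the name under the RFC 8659 rules."""
    # An unrecognised tag with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    issue = [issuer_domain(v) for _, t, v in records if t == "issue"]
    wild = [issuer_domain(v) for _, t, v in records if t == "issuewild"]
    # For wildcard names, issuewild records (if any) replace issue entirely.
    relevant = wild if (wildcard and wild) else issue
    if not relevant:
        return True  # no applicable property: CAA does not restrict issuance
    return ca.lower() in relevant  # an empty value (issue ";") matches no CA


if __name__ == "__main__":
    recs = parse_caa(DIG_ANSWER)
    print("before:", may_issue(recs, "letsencrypt.org"))
    recs.append((0, "issue", "letsencrypt.org"))
    print("after: ", may_issue(recs, "letsencrypt.org"))
    print("wildcard after:", may_issue(recs, "letsencrypt.org", wildcard=True))
```

With only an `issue "letsencrypt.org"` record added, a wildcard request to Let's Encrypt is still refused by this record set, because the existing `issuewild` record names only globalsign.com.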
