External Subdomain SSL Certificate Error

I am setting up a custom subdomain with Sherpadesk and when Sherpadesk tries to issue a certificate for the subdomain it is getting blocked by Cloudflare and won’t let it be created.

I created the A and TXT records. But Sherpadesh won’t create the certificate. This is what their support told me.

“A DNS CAA record exists for domain which forbids the issuance of this certificate. So your configuration of the domain does not allow to create certificate.”

What steps do I need to take to rectify this?

DNS CAA is a mechanism you can use to ensure that only known and authorised CAs issue certificates for covered domains. If you have any CAA records, all CAs are required to verify that they are authorised before issuing a certificate. If a domain has no CAA records, then any CA can issue a certificate following normal validation rules.

The correct solution would be to ask Sherpadesk what Certificate Authority they use, and then create a matching CAA issue or issuewild record.

The wrong solution would be to delete all CAA records you have on your zone.