SSL cert not auto-renewing with caa_error pending issuance

All my ssl edge certificates are not renewing and has a caa_error pending issuance.
I have tried looking this up but all the solutions I find I cannot apply to my situation due to not having the options available. For example, one solution said to add a caa dns record but I can’t because I only have the option to create an A, AAAA, and CNAME records in the dns feature.
Here is a screenshot of the error

Any Advice will be appreciated, Thanks!


You most likely have CAA records set on your authoritative DNS which is blocking Cloudflare from issuing a universal certificate. Since you are only able to choose A, AAAA or CNAME record, you have a CNAME setup on this specific domain.

I would recommend adding the following CAA records on your authoritative DNS
(please replace with your domain) IN CAA 0 issue “ IN CAA 0 issue “ IN CAA 0 issue “ IN CAA 0 issuewild “ IN CAA 0 issuewild “ IN CAA 0 issuewild “

Here is a great article that goes through CAA records and setting CAA records

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.