All my ssl edge certificates are not renewing and has a caa_error pending issuance.
I have tried looking this up but all the solutions I find I cannot apply to my situation due to not having the options available. For example, one solution said to add a caa dns record but I can’t because I only have the option to create an A, AAAA, and CNAME records in the dns feature.
Here is a screenshot of the error
Any Advice will be appreciated, Thanks!
You most likely have CAA records set on your authoritative DNS which is blocking Cloudflare from issuing a universal certificate. Since you are only able to choose A, AAAA or CNAME record, you have a CNAME setup on this specific domain.
I would recommend adding the following CAA records on your authoritative DNS
(please replace example.com with your domain)
example.com. IN CAA 0 issue “comodoca.com”
example.com. IN CAA 0 issue “digicert.com”
example.com. IN CAA 0 issue “letsencrypt.org”
example.com. IN CAA 0 issuewild “comodoca.com”
example.com. IN CAA 0 issuewild “digicert.com”
example.com. IN CAA 0 issuewild “letsencrypt.org”
Here is a great article that goes through CAA records and setting CAA records
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.