Not provision a Let’s Encrypt certificate for custom domain - upload.messagewrap.com

Hey Admins,

Having an ongoing issue with my site at upload.messagewrap.com.

In the Domain Management > HTTPS console, I’m trying to have a certificate provisioned. The DNS Verification step is successful, but when I try to provision the certificate, I get this error message:

“We could not provision a Let’s Encrypt certificate for your custom domain.”

This has been an issue for over 2 weeks, so I don’t think that its a case of TTL expirations. According to the docs, everything seems like it should be fine, so I’m reaching out to see if we can get some assistance.

Thanks in advance!

HI, @ChrisHomsey. Thank you for asking about this. The actual root cause is a CAA record which limits which certificate authorities can issue SSL certificates for this domain name:

$ dig +noall +answer messagewrap.com CAA
messagewrap.com.	1800	IN	CAA	0 issue "comodoca.com" 

At this time, only comodoca.com can provide SSL for this domain name. If you add letsencrypt.org to the CAA record, then they can issue SSL certificates for it as well.

There is more about this at the Let’s Encrypt site here:

After updating (or removing) the CAA record, SSL provisioning should be successful. If it is not or if there are any questions, please reply anytime.

​Please let us know if there are other ques