SSL Certificate not working

Hello,

i have just changed the domain for one of our sites. ID is 6a8f73f4-f54b-4dbc-bc34-db5e37cd108d.
Now the DNS Verification succeedes, but provisioning of a new certificate fails.

Did I set it up wrong?

Thanks and regards

Hi, @niklampe, this is because of the following IPv6 IP address (AAAA record) which is preventing our service from provisioning the SSL certificate:

$ dig rabb365.com AAAA  +noall +answer

; <<>> DiG 9.10.6 <<>> rabb365.com AAAA +noall +answer
;; global options: +cmd
rabb365.com.		21456	IN	AAAA	2003:2:2:15:80:150:6:143

Please delete that record and then wait for the TTL (time to live) value for the old record to expire (21456 second is about six hours - it is probably 21600 secons on the actual record) .

Once that has expired, then click the button to renew the certificate under Site Name > Settings > Domain management > HTTPS.

If that doesn’t resolve the issue please let us know.

1 Like

Hello @luke
thanks that worked back then.

Now I have a smiliar problem with the site with ID: a5923c17-c6c9-486c-97f4-ea45c552e2ce
and Domain: waas.sievers-group.com

Can you tell me what I need to change?

Thanks

Hi, @niklampe, there is a CAA record limiting which services can issue SSL certificates for this domain:

$ dig sievers-group.com CAA  +noall +answer

; <<>> DiG 9.10.6 <<>> sievers-group.com CAA +noall +answer
;; global options: +cmd
sievers-group.com.	3599	IN	CAA	0 issue "swisssign.com"
sievers-group.com.	3599	IN	CAA	0 issue "comodo.com"
sievers-group.com.	3599	IN	CAA	0 iodef "mailto:abuse@sievers-group.com"

You can either add Let’s Encrypt as described here or delete the CAA records completely to resolve this. A third option would be to upload a custom SSL certificate you acquire from a third-party.

If there are other questions about this, we’ll be happy to answer. :smiley: