Custom Trust Center Domain SSL Stuck in Pending

Lynna
Lynna Vanta Team Member Great answers
  • Updated

When generating your custom domain for your Trust Center page, you find it remains in a Pending state. When hovering over the Pending, you notice it states SSL: Pending.

Screenshot_2023-04-06_at_10.04.27_AM.png

Cause

CAA Records. A Certificate Authority Authorization (CAA) DNS record specifies which Certificate Authorities (CAs) are allowed to issue certificates for a domain.

If your root domain uses CAA records, you'll need to add new records to allow us to issue certificates for the custom domain on your behalf.

 

Solution

Add these CAA records: 

# CAA records added by DigiCert
0 issue "digicert.com; cansignhttpexchanges=yes"
0 issuewild "digicert.com; cansignhttpexchanges=yes"

# CAA records added by Sectigo
0 issue "sectigo.com"
0 issuewild "sectigo.com" #

# CAA records added by Let's Encrypt
0 issue "letsencrypt.org"
0 issuewild "letsencrypt.org"

# CAA records added by Google Trust Services
0 issue "pki.goog; cansignhttpexchanges=yes"
0 issuewild "pki.goog; cansignhttpexchanges=yes"