Issue
When generating your custom domain for your Trust Center page, it remains in a Pending state. When hovering over the Pending, you notice it states SSL: Pending.
Cause
- CAA Records. A Certificate Authority Authorization (CAA) DNS record specifies which Certificate Authorities (CAs) are allowed to issue certificates for a domain.
- If your root domain uses CAA records, you'll need to add new records to allow us to issue certificates for the custom domain on your behalf.
Solution
Add these CAA records:
# CAA records added by DigiCert
0 issue "digicert.com; cansignhttpexchanges=yes"
0 issuewild "digicert.com; cansignhttpexchanges=yes"
# CAA records added by Sectigo
0 issue "sectigo.com"
0 issuewild "sectigo.com" #
# CAA records added by Let's Encrypt
0 issue "letsencrypt.org"
0 issuewild "letsencrypt.org"
# CAA records added by Google Trust Services
0 issue "pki.goog; cansignhttpexchanges=yes"
0 issuewild "pki.goog; cansignhttpexchanges=yes"