Error: Custom Trust Center Domain SSL Stuck in Pending

  • Updated

Scale & Collaborate.jpgFor more information about plan types and capabilities, see Vanta's pricing page

 

Issue

When generating your custom domain for your Trust Center page, it remains in a Pending state. When hovering over the Pending, you notice it states SSL: Pending.  

Screenshot_2023-04-06_at_10.04.27_AM.png

Cause

  • CAA Records. A Certificate Authority Authorization (CAA) DNS record specifies which Certificate Authorities (CAs) are allowed to issue certificates for a domain.
  • If your root domain uses CAA records, you'll need to add new records to allow us to issue certificates for the custom domain on your behalf.

Solution

Add these CAA records: 

# CAA records added by DigiCert
0 issue "digicert.com; cansignhttpexchanges=yes"
0 issuewild "digicert.com; cansignhttpexchanges=yes"

# CAA records added by Sectigo
0 issue "sectigo.com"
0 issuewild "sectigo.com" #

# CAA records added by Let's Encrypt
0 issue "letsencrypt.org"
0 issuewild "letsencrypt.org"

# CAA records added by Google Trust Services
0 issue "pki.goog; cansignhttpexchanges=yes"
0 issuewild "pki.goog; cansignhttpexchanges=yes"