Common Custom Subdomain Issues
Invalid Certificate State
This error can be seen during the certification creation process when the CNAME records have been found, but the certificate cannot be issued. The most common cause of this is the existence a conflicting CAA record registered to the domain that is not allowing our SSL provider (AWS) to issue certificates.
Fix this status by first adding the following CAA record to your DNS (replace <metrics.yourwebsite.com> with your subdomain): <metrics.yourwebsite.com>. CAA 0 issue "amazon.com"
Once the CAA record propagates, return to the Fingerprint Dashboard, delete the Invalid certificate, and recreate the certificate.
Deleted CNAME Records
If your subdomain's SSL certificate is no longer valid this may be due to the necessary CNAME records having been deleted. Every year the SSL certificate for a custom subdomain must be renewed. Each domain present on that certificate must have a CNAME record in place on your DNS to validate ownership of the domain. If any of the CNAME records are missing then a failure will occur preventing the entire certificate from being renewed. This can lead to 0 Fingerprints being collected for all domains on the certificate if you have not configured a fallback endpoint.
To resolve this issue you must go to the Fingerprint Dashboard, delete the existing certificate, and then recreate it. Once you have successfully recreated the certificate ensure you do not delete the CNAME records used to verify domain ownership.
Comments
0 comments
Article is closed for comments.