What could cause the Certificate Pending for the new custom domain?

I’ve already added DNS record, and pointed the subdomain to myapp.onrender.com. But the status is stuck at pending for over 24 hours. Is it normal? Is there anything I missed? Thanks!

Screen Shot 2021-03-23 at 7.58.55 PM

Hey Damon,

No, it’s not normal for it to take that long.

It looks like we’re unable to generate a cert because the DNS record restricts the certificate authorities that are allowed to sign a cert for the domain. Can you add a CAA record to the domain that allows letsencrypt.org to sign the cert?

Hey Jake, can you be more specific? How to add CAA record? Thanks!

Is it something like this?

If you don’t remember attaching a CAA record, you don’t need it. It accepts any SSL / TLS certificate.
Therefore, I think there is something else wrong.
Are you using a registered registrar name server? In that case, the reflection may be very slow.
You can check the status using dig or nslookup.

I agree that it’s unusual that a CAA record is required when there isn’t a conflicting record. However, the error I was seeing on the backend indicated this was preventing the signing of the certificate.

@damon I see that the certificate is now issued. Can you confirm things look good on your end? Did you end up adding the record to resolve the issue?

Thank you Jake! I asked my client to add the CAA record and everything is working fine now. Thank you so much for your help :pray:

1 Like