I’ve already added DNS record, and pointed the subdomain to myapp.onrender.com. But the status is stuck at pending for over 24 hours. Is it normal? Is there anything I missed? Thanks!
Hey Damon,
No, it’s not normal for it to take that long.
It looks like we’re unable to generate a cert because the DNS record restricts the certificate authorities that are allowed to sign a cert for the domain. Can you add a CAA record to the domain that allows letsencrypt.org to sign the cert?
Hey Jake, can you be more specific? How to add CAA record? Thanks!
If you don’t remember attaching a CAA record, you don’t need it. It accepts any SSL / TLS certificate.
Therefore, I think there is something else wrong.
Are you using a registered registrar name server? In that case, the reflection may be very slow.
You can check the status using dig or nslookup.
I agree that it’s unusual that a CAA record is required when there isn’t a conflicting record. However, the error I was seeing on the backend indicated this was preventing the signing of the certificate.
@damon I see that the certificate is now issued. Can you confirm things look good on your end? Did you end up adding the record to resolve the issue?
Thank you Jake! I asked my client to add the CAA record and everything is working fine now. Thank you so much for your help 
1 Like