When you request an SSL certificate from Starfield Technologies, we will check the DNS of your domain for a CAA (Certificate Authority Authorization) record prior to issuing the certificate. Sometimes, when this CAA check takes place, it will error out even when there is no CAA record in place. When we get an error, there's no way for us to tell whether we can issue a certificate for the affected domain, as there could be CAA records present that forbid issuance, but are not visible because of the error.
| Displayed Error | Resolution |
|---|---|
| A DNS CAA record exists for domain(s) coolexample.com which forbids the issuance of this certificate. | Contact your DNS provider to have the CAA record removed. Once this is gone, request the certificate again. |
| SERVFAIL | This is typically caused by an outage with your authoritative nameserver. Have your DNS provider check to make sure you have a SOA(start of authority record) set up on each of your nameservers. Once this is fixed, request the certificate again. |
Article ID: 1456
Created On: Wed, Dec 2, 2020 at 7:50 PM
Last Updated On: Wed, Dec 2, 2020 at 7:50 PM
Online URL: https://www.heartinternet.uk/support/article/certificate-authority-authorization-caa-record-errors.html