We’ve been using Fly without issues for several customers, but we have one that we can’t seem to get a certificate generated for. I verified with them that both DNS entries are active and checked myself using dig.

In the certificates view I see that the domain has been verified, but red dots next to both RSA and ECDSA. Is there any way I can debug this to see what the issue is? I’ve hit “Check Again” multiple times now.

There might be a CAA record preventing issuance. If you try the CAA record type with the domain here, do you get any results?

Thanks for the quick reply! Yes it looks like X’s across the board. Is there anything we should ask the customer to do on their end?

Oh if it’s not returning anything except a red X, it means there’s not a CAA record, so it’s likely a different issue. Let me see if I can figure out what’s up.

Happy to share the domain in question via email if that’s possible?

Actually, try the hostname without the subdomain: instead of There is a CAA record that’s preventing us from issuing the certificate.

They will either need to delete the CAA records from their DNS, or add with these instructions: Certificate Authority Authorization (CAA) - Let's Encrypt

Ah gotcha, let me forward that over to them to see if that resolves it.
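
The situation in this thread, a subdomain with no CAA record of its own being blocked by a record on the parent domain, follows from how a CA locates the relevant CAA set by climbing toward the root (RFC 8659). The sketch below is an added example, not part of the original thread or Fly's code; the hostnames, the CA name `ca.example` and the records are constructed, and CNAME handling and the critical flag are not modelled.

```python
# Constructed CAA data keyed by DNS name; stands in for live DNS queries.
SAMPLE_CAA = {
    "example.com": [(0, "issue", "ca.example")],           # parent restricts issuance
    "example.org": [(0, "issue", "letsencrypt.org"),
                    (0, "iodef", "mailto:sec@example.org")],
    "example.net": [(0, "issue", ";")],                     # forbids every CA
}

def relevant_caa(fqdn, lookup):
    """Climb from fqdn toward the root; return (name, rrset) for the first
    name that has any CAA records (RFC 8659 section 3)."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        rrset = lookup(name)
        if rrset:
            return name, rrset
    return None, []

def may_issue(fqdn, ca_domain, lookup=lambda n: SAMPLE_CAA.get(n, [])):
    """Return (allowed, name_that_decided) for a certificate request to ca_domain."""
    wildcard = fqdn.startswith("*.")
    name, rrset = relevant_caa(fqdn[2:] if wildcard else fqdn, lookup)
    issue = [v for _, tag, v in rrset if tag.lower() == "issue"]
    issuewild = [v for _, tag, v in rrset if tag.lower() == "issuewild"]
    # issuewild applies only to wildcard requests and then replaces issue.
    props = issuewild if (wildcard and issuewild) else issue
    if not props:
        return True, name          # no restricting property: CAA does not block
    # The issuer domain is the part of the value before any ";" parameters.
    issuers = {v.split(";")[0].strip().lower() for v in props}
    return ca_domain.lower() in issuers, name

if __name__ == "__main__":
    for host in ("app.customer.example.com", "app.example.org", "app.example.edu"):
        print(host, may_issue(host, "letsencrypt.org"))
```

The second element of the result is the name whose records decided the outcome, which is the record set the domain owner has to change.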