SSL cert does not renew automatically

My site was unreachable yesterday and after spending some time troubleshooting, I discovered it’s because the SSL certificate expired. So I decided to renew manually, I deleted the old one and created a new one but I was still unable to connect. On the dashboard, it shows that it has been verified but when I run fly certs check "*.test.cloudmall.africa", I get this message

The certificate for *.test.cloudmall.africa has not been issued yet.

But right after that, I also see this

Hostname = *.test.cloudmall.africa
DNS Provider = enom
Certificate Authority = Let’s Encrypt
Issued =
Added to App = 6 minutes ago
Source = fly

followed by instructions on how to connect, any idea on how to solve this.

Over 6 hours now, same story, created multiple certificates yet problem still persists.

Hi @cloudmall! The certificate request for *.test.cloudmall.africa was invalid and failed with error CAA record for cloudmall.africa prevents issuance. This is happening because there are CAA records on that domain restricting the certificate's CA to ‘amazon.com’.

$ dig +noall +answer cloudmall.africa caa
cloudmall.africa.       1799    IN      CAA     0 issuewild "amazon.com"
cloudmall.africa.       1799    IN      CAA     0 issue "amazon.com"

To resolve this issue you can follow the instructions provided here: Certificate Authority Authorization (CAA) - Let's Encrypt, adding CAA records that allow letsencrypt.org as CA for issue and issuewild tags.

After those records are present in the answer for the above dig command, please give some time for the changes to propagate and then you need to use fly certs remove and fly certs create to generate back your certificates.

Please let me know if those steps resolve the certificate issue!

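The CAA check behind the error described above, as an added example that is not part of the original thread or Fly.io's code: it parses constructed dig-style records (the AFTER set is an assumed fix), climbs from the hostname to the closest ancestor that has CAA records, and applies the issue/issuewild rules of RFC 8659. The critical flag, CNAME handling and DNSSEC are left out.

```python
import re

# Constructed records in `dig +noall +answer` format. BEFORE mirrors the answer
# quoted above; AFTER is an assumed fix that also authorizes letsencrypt.org.
BEFORE = '''\
cloudmall.africa. 1799 IN CAA 0 issuewild "amazon.com"
cloudmall.africa. 1799 IN CAA 0 issue "amazon.com"
'''
AFTER = BEFORE + '''\
cloudmall.africa. 1799 IN CAA 0 issue "letsencrypt.org"
cloudmall.africa. 1799 IN CAA 0 issuewild "letsencrypt.org"
'''
LINE = re.compile(r'^(\S+)\s+\d+\s+IN\s+CAA\s+(\d+)\s+(\S+)\s+"([^"]*)"$')

def parse(dig_text):
    """Return {owner: [(tag, value), ...]} from dig answer lines."""
    zone = {}
    for line in dig_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            owner, _flags, tag, value = m.groups()  # flags ignored in this sketch
            zone.setdefault(owner.lower().rstrip("."), []).append((tag.lower(), value))
    return zone

def relevant_rrset(zone, hostname):
    """Climb from the name toward the root; the first non-empty CAA set wins."""
    labels = hostname.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]  # the wildcard label itself is never looked up
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def may_issue(zone, hostname, ca_domain):
    """True if CAA permits ca_domain to issue a certificate for hostname."""
    rrset = relevant_rrset(zone, hostname)
    wild = hostname.startswith("*.")
    # For wildcard names issuewild replaces issue when present; for ordinary
    # names issuewild is ignored.
    values = [v for t, v in rrset if t == "issuewild"] if wild else []
    if not values:
        values = [v for t, v in rrset if t == "issue"]
    if not values:
        return True  # no CAA set, or only non-restricting tags such as iodef
    allowed = {v.split(";")[0].strip().lower() for v in values}
    return ca_domain.lower() in allowed
```

With the BEFORE records the wildcard request is refused for letsencrypt.org even though the records sit two labels above the requested name; with AFTER, or with no CAA records at all, it is allowed.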

@aschiavo Thank you so much. I’ll work on this and let you know how it goes.

I removed the records and everything works fine now. Thanks once again.


Great news!! I’m glad I was able to help.
