All Documents
Current Document
Content is empty
If you don't find the content you expect, please try another search term
Found 0 result in total
Content is empty
If you don't find the content you expect, please try another search term
Certificate Management (KCM)
FAQs
FAQs for using KCM
Why does a certificate fail to be issued?
Last updated:2021-03-15 15:39:19
When a user was completing certificate request information after the certificate was purchased, the message indicating that domain CAA check failed was displayed.
A CAA record was set for the domain bound to the certificate and the certificate brand contained in the CAA record value is different from that of the purchased certificate. For example, your certificate will fail to be issued when you apply for a Sectigo certificate and the CAA record value is not sectigo.com.
Log in to a Linux server and enter the following command to query domain resolution.
dig Domain name caaThe following example shows the command and output:
[root@vm11 ~]# dig sec.ksyun.com caa
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> sec.ksyun.com caa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7782
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 19
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sec.ksyun.com. IN CAA
;; ANSWER SECTION:
sec.ksyun.com. 600 IN CAA 0 issue "letsencrypt.org"
sec.ksyun.com. 600 IN CAA 0 issue "sectigo.com"
;; Query time: 27 msec
;; SERVER: 198.13.188.98#53(198.13.188.98)
;; WHEN: Tue Aug 18 17:16:42 CST 2020
;; MSG SIZE rcvd: 469
Pure Mode