All Documents
Current Document

Content is empty

If you don't find the content you expect, please try another search term


Why does a certificate fail to be issued?

Last updated:2021-03-15 15:39:19

Problem description

When a user was completing certificate request information after the certificate was purchased, the message indicating that domain CAA check failed was displayed.


A CAA record was set for the domain bound to the certificate and the certificate brand contained in the CAA record value is different from that of the purchased certificate. For example, your certificate will fail to be issued when you apply for a Sectigo certificate and the CAA record value is not

Test the CAA record

Log in to a Linux server and enter the following command to query domain resolution.

dig Domain name caa

The following example shows the command and output:

[root@vm11 ~]# dig caa

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> caa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7782
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 19

; EDNS: version: 0, flags:; udp: 4096
;                 IN      CAA

;; ANSWER SECTION:          600     IN      CAA     0 issue ""          600     IN      CAA     0 issue ""

;; Query time: 27 msec
;; WHEN: Tue Aug 18 17:16:42 CST 2020
;; MSG SIZE  rcvd: 469
On this page
Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen