Release Notes

Announcements

Notice on price adjustment of DigiCert and its affiliated brands'SSL certificates

Price Change to DigiCert SSL Certificates

TrustAsia Root Certificate Update

Domain Validation Policy Update

SSL Certificate Service Console

Multi-Year SSL Certificate and Automatic Review

Notice on Stopping the Issuance of 2-Year SSL Certificates by CAs Starting from September 1, 2020

Announcement on Stop Using the Symantec SSL Certificate Name After 30 April 2020

Notice on Certificate Revocation Due to Private Key Compromises

Notice on Application Limits for DV SSL Certificates

Notice on Adjustment of Free SSL Certificates Policy

Let's Encrypt Root Certificate Expired on September 30, 2021

Product Introduction

Overview

Introduction to Tencent Cloud SSL Certificates

Strengths

Advantages of HTTPS

Browser Compatibility Test Report

Multi-Year SSL Certificate and Automatic Review Overview

SSL Certificate Security

Purchase Guide

Pricing

SSL Certificate Purchase Process

SSL Certificate Selection

Paid SSL Certificates Renewal

SSL Certificate Renewal Process

SSL Certificate Refund Process

Getting Started

Certificate Application

Information Submission Process for Paid SSL Certificates

Domain Ownership Validation

Domain Validation Method Selection

Automatic DNS Addition

DNS Validation

File Validation

Automatic DNS Validation

Automatic File Validation

Validation Result Troubleshooting Guide

Operation Guide

Domain Ownership Verification

Uploading Certificates

Secured Seal

CSR Management

Certificate Installation

Installing an SSL Certificate on a Tencent Cloud Service

Installation of International Standard Certificates

Selecting an Installation Type for an SSL Certificate

Certificate Management

Instructions on SSL Certificate Auto-Renewal

Certificate Hosting

Uploading (Hosting) an SSL Certificate

Reminding Reviewers to Review an SSL Certificate Application

Revoking an SSL Certificate

Deleting an SSL Certificate

Reissuing an SSL Certificate

Ignoring SSL Certificate Notifications

Customizing SSL Certificate Expiration Notifications

API Documentation

History

Introduction

API Category

Making API Requests

Certificate APIs

Certificate Renewal (Certificate ID Unchanged) APIs

CSR APIs

Data Types

Error Codes

Use Cases

Automatic Solution for Implementing and Issuing Multi-Year Certificates and Binding Resources

Apple ATS Server Configuration

Quickly Applying for a Free SSL Certificate via DNSPod

Enabling Tencent Cloud DDNS and Installing Free Certificates for Synology NAS

Batch Applying for and Downloading Free Certificates Using Python-based API Calls

Profile Management

Adding Organization Profile

Adding Administrator

Adding Domain

Troubleshooting

Domain Validation Failed

Domain Security Review Failed

Website Inaccessible After an SSL Certificate is Deployed

404 Error After the SSL Certificate is Deployed on IIS

“Your Connection is Not Secure” is Displayed After the SSL Certificate is Installed

Message Indicating Parsing Failure Is Displayed When a Certificate Is Uploaded

Automatic DNS Validation Failed for a Domain Hosted with www.west.cn

Host Name Field Cannot Be Edited in IIS Manager When Type Is Set to https

Message Indicating Intermediate Certificates Missing in Chain Is Displayed When a Free SSL Certificate Is Deployed on IIS

FAQs

SSL Certificate Selection

SSL Certificate Application

SSL Certificate Management

SSL Certificate Installation

SSL Certificate Region

SSL Certificate Review

SSL Certificate Taking Effect

SSL Certificate Billing and Purchase

SSL Certificate Validity Period

Related Agreement

SSL Service Level Agreement

Glossary

What Should I Do If the Issue of a Free SSL Certificate Takes Too Long or Failed?

PDF

Focus Mode

Font Size

Last updated: 2024-03-06 18:03:04

This document describes how to troubleshoot a failure to issue the free SSL certificate due to domain ownership verification timeout when you apply for the certificate from Tencent Cloud.
Note: 
It generally takes up to 30 minutes to issue a free SSL certificate, after which you can troubleshoot the timeout as instructed in this document.
Checking the CAA Record
CAA records need to be checked for both file validation and DNS validation. If there are no CAA records or they contain 0 issuewild "sectigo.com" and 0 issue "sectigo.com", the check can be passed.
dig command
dig domain name CAA
Everything is normal if the returned value is empty or contains 0 issuewild "sectigo.com" and 0 issue "sectigo.com", as shown below:
﻿
﻿
DNS diagnosis tool
Go to the DNS diagnosis tool, enter the primary domain, select CAA, and click Check. Everything is normal if the returned value is empty or contains 0 issuewild "sectigo.com" and 0 issue "sectigo.com".
Note: 
If the check fails or only certain regions can be checked, check the DNS settings of the domain.
Solution
If the returned result is not empty and does not contain 0 issuewild "sectigo.com" and 0 issue "sectigo.com", add the following records to the DNS settings:
Host
Record Type
Split Zone
Record Value
@
CAA
Default
0 issuewild "sectigo.com"
@
CAA
Default
0 issue "sectigo.com"
Checking the DNS Record
After checking the CAA record, check whether the validation record has been added. For self-built NS servers or those with DNS query limits outside the Chinese mainland, check whether the DNS query outside the Chinese mainland is normal with the DNS diagnosis tool or DNSCHCKER. In general, all monitored points can return values and their returned values are the same.
1. Determine the domain to be checked.
The domain to be checked should be in the format of host.domain; for example, if the certificate's host is _26A56EBADCE479E******5D304C0D8.blog and the domain is dnspod.cn, the domain to be checked should be _26A56EBADCE479E******5D304C0D8.blog.dnspod.cn.
2. Go to the DNS diagnosis tool, enter the target domain, select CNAME, and click Check. Everything is normal if the returned value is the record value prompted in the console.
Checking Whether the Validation IP Is Blocked by the Server
If you wait a long time for the certificate to be issued by the CA after passing the file validation, it's possible that the server or data center has blocked the CA's validation IPs (64.78.193.238 and 216.168.247.9). In that case, add them to the allowlist.

Help and Support

Was this page helpful?

You can also Contact sales or Submit a Ticket for help.

Help us improve! Rate your documentation experience in 5 mins.

Feedback

tencent cloud

SSL Certificates

What Should I Do If the Issue of a Free SSL Certificate Takes Too Long or Failed?

Checking the CAA Record

`dig` command

DNS diagnosis tool

Solution

Checking the DNS Record

Checking Whether the Validation IP Is Blocked by the Server

Help and Support

Host	Record Type	Split Zone	Record Value
@	CAA	Default	0 issuewild "sectigo.com"
@	CAA	Default	0 issue "sectigo.com"