Pardot SSL Failing After Adding LetsEncrypt CAA to DNS

crmdjoohn · February 26, 2020, 7:49pm

I’m trying to enable SSL for my tracker domain and I was told to add Let’s Encrypt CAA to my DNS, which is Azure. I ran the script to add the Let’s Encrypt CAA to my domain and it said successfil, but it’s not propagating (It’s been weeks). When I try to enable SSL for my tracker domain in Pardot, it still fails. Any suggestions would be much appreciated. Thank you !

My domain is: sirtex.com

I ran this command: https://gist.github.com/GraafG/59961e637180154194994eea0661f3ae

It produced this output: Successful

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Unsure

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Unsure

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): N/A

JuergenAuer · February 26, 2020, 8:09pm

Hi @crmdjoohn

that's expected. Checking your domain - https://check-your-website.server-daten.de/?q=sirtex.com#caa

2020-02-26.sirtex.com

Only digicert.com is allowed to create certificates, not Letsencrypt.

Add it again, then recheck the domain to see, if the entry is visible.

stevenzhu · February 26, 2020, 8:10pm

Hi,

What would happen if you login to your azure portal and list the CAA record for this domain? Have you tried to add it manually on that portal?

Thank you

crmdjoohn · February 26, 2020, 8:27pm

I’m sorry if this is not the information you’re looking for, but it appears the Let’s Ecrypt CAA file is on the DNS, but it’s not propagating?

JuergenAuer · February 26, 2020, 8:36pm

That’s the wrong entry. And that entry is propagated.

See https://check-your-website.server-daten.de/?q=letsencrypt-caa.sirtex.com

That’s an entry with the letsencrypt-caa.sirtex.com domain name.

2020-02-26.letsencrypt-caa.sirtex.com

Domain name must be sirtex.com, value must be letsencrypt.org, not ca1.sirtex.com.

Find your existing sirtex.com entry, add a second.

stevenzhu · February 26, 2020, 9:02pm

Same as @JuergenAuer’s response.

Instead of command line, can you try to do that in the actual portal for Azure? (It’ll give more sense actually).
It’s fine to not have access or not do it, but the portal generally will make life easier for users.
(The current address) of the portal is portal.azure.com

Thank you

system · March 27, 2020, 9:02pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.