Squarespace SSL cert could not be issued

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: blog.thelorry.com

I ran this command: Squarespace setup process

It produced this output: There was an error creating your certificates.

My web server is (include version): N/A

The operating system my web server runs on is (include version): N/A

My hosting provider, if applicable, is: Squarespace

I can login to a root shell on my machine (yes or no, or I don’t know): No, Squarespace managed hosting

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): N/A

I was trying to get an SSL cert issued for a blog of the company I’m working at and wasn’t able to do so for months. We had a lot of back and forth in emails and made sure my DNS was exactly the same as what Squarespace required, but the SSL still keeps going to the processing state and shows the aforementioned error message after a few days, and we would get the process restarted: same issue, rinse and repeat for months.

They (Squarespace support) finally came out with the conclusion that my domain provider is causing the issues, preventing certificates from being issued, and gave me 2 options: transfer the domain to Squarespace (not happening) or run it insecure (not acceptable per my company policy).

However, I didn’t have the same issue with my site running on Firebase (auth.thelorry.com), which uses Let’s Encrypt as well, or with any other CA that we used previously. Can you help me check if there are any changes that I should make on my side to make this work, or if anything else is causing the issue?

For the record this is my current CAA record for my top level domain thelorry.com:
0 issuewild "amazon.com"
0 issue "comodoca.com"
0 issuewild "letsencrypt.org"
0 issue "letsencrypt.org"

No CAA record has been set for blog.thelorry.com as it has a CNAME record linking to Squarespace, which as far as I know should use the linked CNAME settings instead?

Hi @thelorrydotcom

I don’t see an error.

| Domainname | flag | Name | Value | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| ext-cust.squarespace.com | 0 | | no CAA entry found | 1 | 0 |
| www.blog.thelorry.com | 0 | | no CAA entry found | 1 | 0 |
| blog.thelorry.com | | | | 1 | 0 |
| squarespace.com | 0 | | no CAA entry found | 1 | 0 |
| thelorry.com | 9 | issuewild | amazon.com | 1 | 0 |
| | 5 | issue | comodoca.com | 1 | 0 |
| | 5 | issue | letsencrypt.org | 1 | 0 |
| | 9 | issuewild | letsencrypt.org | 1 | 0 |
| com | 0 | | no CAA entry found | 1 | 0 |
| | 0 | | no CAA entry found | 1 | 0 |

There are no blocking or wrongly written CAA entries.

There are older certificates ( https://check-your-website.server-daten.de/?q=blog.thelorry.com )

| CRT-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 1079798132 | CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, C=GB, ST=Greater Manchester | 2019-01-03 23:00:00 | 2020-01-04 22:59:59 | *.thelorry.com, Domain Control Validated, EssentialSSL Wildcard, thelorry.com (2 entries) | | |
| 1262156839 | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | 2018-10-03 22:00:00 | 2019-11-04 11:00:00 | *.thelorry.com, thelorry.com (2 entries) | | |
| 646518652 | CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, C=GB, ST=Greater Manchester | 2018-08-12 22:00:00 | 2019-01-04 22:59:59 | *.thelorry.com, Domain Control Validated, EssentialSSL Wildcard, thelorry.com (2 entries) | | |
| 630926280 | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | 2018-07-17 22:00:00 | 2019-08-18 10:00:00 | *.thelorry.com, thelorry.com (2 entries) | | |

but no Let’s Encrypt certificate.

Looks like a Squarespace problem.

1 Like
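
The CAA question in this thread (which record set applies to a subdomain that is a CNAME, and whether that set permits Let's Encrypt) can be worked through with the RFC 8659 lookup order. This is an added example, not part of any post above: the zone data is constructed from the records quoted in the thread rather than queried from DNS, and the function names are illustrative.

```python
# Constructed zone data mirroring the records quoted in this thread (not live DNS).
ZONE = {
    "blog.thelorry.com": {"CNAME": "ext-cust.squarespace.com"},
    "thelorry.com": {"CAA": [
        (0, "issuewild", "amazon.com"),
        (0, "issue", "comodoca.com"),
        (0, "issuewild", "letsencrypt.org"),
        (0, "issue", "letsencrypt.org"),
    ]},
}

def lookup_caa(name, zone, max_hops=8):
    """Return the CAA records at name, following CNAMEs as a resolver would."""
    for _ in range(max_hops):
        node = zone.get(name, {})
        if "CNAME" not in node:
            return node.get("CAA", [])
        name = node["CNAME"]
    raise RuntimeError("CNAME chain too long")

def relevant_caa_set(domain, zone):
    """RFC 8659 section 3: climb from the requested name towards the root and
    return (name, records) for the first non-empty CAA set. Only the requested
    name's own parents are climbed, not the parents of a CNAME target."""
    labels = domain.rstrip(".").lower().split(".")
    if labels[0] == "*":
        labels = labels[1:]          # wildcard requests start at the base name
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        records = lookup_caa(name, zone)
        if records:
            return name, records
    return None, []

def ca_may_issue(domain, ca_domain, zone):
    """True if CAA authorises ca_domain for domain, or does not restrict it."""
    _, records = relevant_caa_set(domain, zone)
    issue = [v for _, tag, v in records if tag == "issue"]
    issuewild = [v for _, tag, v in records if tag == "issuewild"]
    # issuewild applies only to wildcard names and then replaces issue.
    applicable = issuewild if (domain.startswith("*.") and issuewild) else issue
    if not applicable:
        return True                  # nothing restricts this request
    allowed = {v.split(";")[0].strip().lower() for v in applicable}
    return ca_domain.lower() in allowed
```

With these records the set that governs blog.thelorry.com is the one at thelorry.com, and it authorises letsencrypt.org for non-wildcard names.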

I agree with @JuergenAuer’s assessment so far (thanks!).

@thelorrydotcom Did Squarespace share any concrete error messages with you? The Let’s Encrypt API will return error messages that specify what the problem preventing certificate issuance is. It would be helpful if Squarespace could pass along what error messages indicated to them that your domain provider is at fault.

Hi, thanks for all the help here, but unfortunately I’m afraid I can’t provide the error message: within a day of posting here (I also sent another email to the Squarespace team at the same time), I was informed by the Squarespace team via email that my cert suddenly started working after months of attempts, without any mention of what the error message/code was.

I’m still wondering what has been bugging my domain but looks like it’s not an answer I’ll ever get from them, but I’m happy enough that it’s working now. Definitely appreciate all the help here.

2 Likes

Thanks for following up @thelorrydotcom! Glad to hear you have a working certificate for your website now.
