Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The operating system my web server runs on is (include version): N/A
My hosting provider, if applicable, is: Squarespace
I can login to a root shell on my machine (yes or no, or I don’t know): N/A
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): N/A
I’m trying to get the SSL certificate assigned to this site and the Squarespace team has told me to reach out here since the issue is that the domain itself has a top keyword. However, I work for Walmart and need this domain to be secured as it’s for a recruiting microsite that we quickly built out on Squarespace. Is there anything that can be done in order to whitelist this domain so that on the Squarespace settings page the SSL can be issued. Thanks!
Is that the exact domain you're having trouble with? Did Squarespace provide you with an error message that Let's Encrypt returned to them when trying to issue for the domain?
This exact domain isn't one that we would block based on policy. Subdomains and TLD variations of walmart.com would be blocked but not realatwalmart.com.
I think there might be some crossed wires here because we don't block domains based on keywords, strictly full matches to domains.
Yep that’s the exact domain. And the site is properly connected from our DNS manager to the site itself just waiting for the SSL. I’ll follow-up with the Squarespace team, but is there any way to just get the certificate forced processed through this forum? Or is there an error that you’re expecting to be the issue?
Great! Thanks for verifying. That lets us rule out that the problem is a Let's Encrypt policy or anything to do with walmart.com being considered a high value domain.
I took a look at our server-side logs and it looks like the Squarespace validation is failing because your domain has a CAA policy configured in your DNS zone that specifies you don't want to allow Let's Encrypt to issue for realatwalmart.com:
That "issue" value says that the people that configured your DNS only want to allow GloablSign to issue for your domain.
is there any way to just get the certificate forced processed through this forum
The only way that Let's Encrypt will be able to issue a certificate for realatwalmart.com is if you get whoever is responsible for the realatwalmart.com DNS to update your configured CAA policy to allow Let's Encrypt in addition to GlobalSign.