Having Problems Generating SSL?

If you're having problems setting up your domain with us to auto generate an SSL/TLS certificate, this could be due to a few different issues.

Have you setup your CNAME?

You can test that your domain is setup correctly using dig:

dig @ +short CNAME developer.example.com

Do you have CAA records set up?

In most situations, ReadMe does not require you to make changes to CAA records set up on your domain. However, in rare situations our Custom Domains page might request that you add CAA records for letsencrypt.org and pki.goog.

You can view your CAA record using this site: https://dnsspy.io/labs/caa-validator

If you have accidentally set a CAA record, it may take up to 24 hours for your cert to be regenerated by us.


issue vs issuewild

Your CAA record must use the issue tag, not issuewild. Our custom hostnames and SSL certificates only work for a single host. If your only letsencrypt.org or pki.goog CAA record contains the issuewild tag, we will not be able to issue a certificate on your behalf.

Do you have another server also generating certs for this domain?

Use https://crt.sh/ to query whether some other web server has also been generating certs for your domain.

If you're using another CDN and having problems with SSL certs, please contact ReadMe Support

Is the certificate that is being returned out of date?

If you receive an error like the following in Chrome with an error code NET::ERR_CERT_DATE_INVALID then this means that the certificate has expired.


This can happen for a couple of reasons:

  • The custom domain that you're trying to generate for has previously been used on a ReadMe project and has since lapsed or been deleted.
  • You now have a CAA record set up, and you didn't when we initially generated the cert for you.

If you're confident that you have correctly setup your DNS record after recent changes, you can re-trigger the certificate validation process by deleting and re-adding your custom hostname in ReadMe's dashboard.