Customer StoriesReadMe Blog

If you're having problems setting up your domain with us to auto generate an SSL/TLS certificate, this could be due to a few different issues.

# Have you setup your CNAME?

You can test that your domain is setup correctly using `dig`:


# Do you have CAA records set up?
In most situations, ReadMe does not require you to make changes to [CAA records](🔗) set up on your domain. However, in rare situations our Custom Domains page might request that you add CAA records for `letsencrypt.org` and `pki.goog`.
You can view your CAA record using this site: <https://dnsspy.io/labs/caa-validator>
**If you have accidentally set a CAA record, it may take up to 24 hours for your cert to be regenerated by us.**
issue vs issuewild
Your CAA record must use the `issue` tag, not `issuewild`. Our custom hostnames and SSL certificates only work for a single host. If your only `letsencrypt.org` or `pki.goog` CAA record contains the `issuewild` tag, we will not be able to issue a certificate on your behalf.
# Do you have another server also generating certs for this domain?
Use <https://crt.sh/> to query whether some other web server has also been generating certs for your domain.
If you're using another CDN and having problems with SSL certs, please contact ReadMe Support
# Is the certificate that is being returned out of date?
If you receive an error like the following in Chrome with an error code `NET::ERR_CERT_DATE_INVALID` then this means that the certificate has expired.
1380

This can happen for a couple of reasons:
  • The custom domain that you're trying to generate for has previously been used on a ReadMe project and has since lapsed or been deleted.
  • You now have a CAA record set up, and you didn't when we initially generated the cert for you.
If you're confident that you have correctly setup your DNS record after recent changes, you can re-trigger the certificate validation process by deleting and re-adding your custom hostname in ReadMe's dashboard.