Invalid CAA Records

I am having some serious issues on my Website regarding CAA Records. Just wanted to see if anyone knew anything about this.

I have contacted Cloudflare already as that is where I manage all my DNS Records from. This is what I said to them:

“I am trying to get a new SSL Cert from zerossl.com as PHP does not seem to like Self-Signed Certs, but when I click Verify, it keep getting the error “Invalid CAA Records”. Not sure what has caused this as I have never touched CAA Records before. I tried adding a CAA Record but that does not seem to do anything. This seriously affects my Core web APIs completely stopping them from working.”

That sums up my problem pretty much. If anyone knows anything about this I would be really grateful for the support

Why not just use the Free Ssl Certificate on InfinityFree?
https://app.infinityfree.net/acmeDomains

With no hassle, faster, and for free!

Also additional information:

You might be wondering why ZeroSSL doesn’t work so here’s a Knowledge Base article that explains why:

We don’t publish any CAA records on our nameservers. If a domain does not have CAA records, it means that any SSL provider is allowed to issue SSL certificates for any domains we provide.

So I don’t know what kind of CAA records ZeroSSL sees, because they should not see any and that should be all.

Also, if you’re using Cloudflare’s nameservers, this is an issue completely outside of InfinityFree. If a third party tool says that the DNS records at a third party provider are wrong, then that means the issue is probably between those providers.

And finally, I can’t for the live of me figure out why you would want to use a service like ZeroSSL. We provide free SSL certificates for an unlimited number of domains with free unlimited renewals. And, unlike with third party tools, we can actually help you getting your InfinityFree SSL certificate set up with a domain hosted on InfinityFree.

Because it doesnt work lol
The system doesnt detect the CName Records and even when it does it just fails to generate one.

Like I said above, the SSL System just doesnt work. It either doesnt detect the CName records or just doesnt generate the SSL Cert.

You should even show us the error when you’re trying to do it.

Next time it happens, I will.

@Admin - This is what happens with the SSL Certs on the InfinityFree Site.
These two records have been on the domain for over 24 hours. I know from experience that Cloudflare adds records almost instantly anyway.

image1096×466 25.1 KB

Did you add the CNAME records on/using Cloudflare DNS Manager?

You should add it using the cloudflare and make the cname records not Proxied or make the color orange cloud into a gray one, you know.

I added them on Cloudflare, then added them via the Control Panel.

Please try and add them again, I got both cnames from a dns check;

_acme-challenge.www.tbmproduction.com. 299 IN CNAME may3l3kzxvcuch4h5byh.acme.infinityfree.net.

And another record;

_acme-challenge.tbmproduction.com. 199 IN CNAME a17zk5xt26zhzweskrme.acme.infinityfree.net.

Attempt to recheck the CNAMES in the ssl verification

Only add them on cloudfare and make it unproxied.

Thanks! This has actually worked now!

I know I keep posting here, but its easier than creating a new topic
Is this error because of the Cert on the running the file_get_contents or the domain in the url of the file_get_contents?

image1350×224 15.6 KB

I have also just been notified that the SSL Cert issued by the InfinityFree site is transparent.

I’ve never seen this one problem before

Where did you put the SSL Cert that you get from InfinityFree client area?

It should be on Control Panel > SSL/TLS > yourdomain.com > Upload Certificate

Same with the Private Key.

Yes I did, but I figured its the other end, the url inside the file_get_contents. Anyway I figured out a way to stop it verifying the SSL Cert on the remote site.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.