Skip to content

Why is my domain not automatically generating an SSL certificate?

The main reason for Vercel not automatically generating an SSL certificate for your domain is because of an incorrect or conflicting CAA record. Domains with the correct CAA record will always have the value 0 issue "" without any other CAA records being present.

Verifying the CAA Record

You can verify your domain is using the correct CAA record by checking with If your CAA record is incorrect, or another is present, we recommend you remove it and/or add the correct CAA record to your DNS provider.

The CAA record should be either empty or with the value 0 issue "". You can also have multiple CAA records, for more advanced needs.


Custom CAA record settings require an Enterprise plan.

If you have followed the instructions above successfully, your domain will now automatically generate a SSL certificate.

Vercel Support

For any further questions or concerns, please contact Vercel Support using the support form available from the Vercel dashboard.

Couldn't find the guide you need?