The main reason for Vercel not automatically generating an SSL certificate for your domain is because of an incorrect or conflicting CAA record. Domains with the correct CAA record will always have the value
0 issue "letsencrypt.org" without any other CAA records being present.
You can verify your domain is using the correct CAA record by checking with whatsmydns.net. If your CAA record is incorrect, or another is present, we recommend you remove it and/or add the correct CAA record to your DNS provider.
The CAA record should be either empty or with the value
0 issue "letsencrypt.org". You can also have multiple CAA records, for more advanced needs.
Custom CAA record settings require an Enterprise plan.
If you have followed the instructions above successfully, your domain will now automatically generate a SSL certificate.
For any further questions or concerns, please contact Vercel Support using the support form available from the Vercel dashboard.