The main reason for Vercel not automatically generating an SSL certificate for your domain is because of an incorrect or conflicting CAA record. Domains with the correct CAA record will always have the value
0 issue "letsencrypt.org" without any other CAA records being present.
You can verify your domain is using the correct CAA record by checking with whatsmydns.net. If your CAA record is incorrect, or another is present, we recommend you remove it and/or add the correct CAA record via our DNS UI. This can be accessed by clicking on your domain from your Vercel account domain's dashboard.
You may also use the DNS UI to remove and add your CAA records.
If you have followed the instructions above successfully, your domain should now automatically generate a SSL certificate.
record-id, use the
vercel dns lscommand.