My Redirect (RDR) Record Has an Invalid SSL Certificate
In some cases, after creating a Redirect (RDR) DNS record, you might find that the domain that was supposed to be redirected does not have a working SSL certificate. This article explains the likely causes and how to fix each one.
If you just created the Redirect record, it's possible that the certificate is still being issued. It can take from a few seconds to a few minutes for the certificate to become fully active.
If a Redirect (RDR) DNS record was created before the domain name was fully pointing to ClearFront DNS, it could be that the certificate authority was unable to successfully validate your domain. This means ClearFront DNS would not be able to issue the certificate.
If this is the case, we recommend removing and recreating the Redirect record. If the DNS is now fully pointing to ClearFront DNS, the certificate should issue within a few minutes.
If your domain is configured with a custom CAA security record, Let's Encrypt might be unable to issue the certificate on your behalf. In this case, we suggest using a Pull Zone with a redirect Edge Rule instead and issuing your own certificate for the domain.
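To see whether a CAA policy is what blocks issuance, the following added example (not ClearFront code) evaluates a set of CAA records the way a certificate authority does under RFC 8659, climbing from the hostname toward the root and checking whether letsencrypt.org is authorized. The names `ZONE`, `relevant_caa` and `may_issue` are hypothetical, and the records are constructed sample data.

```python
# Added example. ZONE is constructed sample data, not real DNS answers.
LETSENCRYPT = "letsencrypt.org"   # issuer domain name Let's Encrypt checks for
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

ZONE = {  # owner name -> list of (flags, tag, value) CAA records
    "example.com": [(0, "issue", "ca.example.net"),
                    (0, "iodef", "mailto:security@example.com")],
    "example.net": [(0, "issue", "letsencrypt.org; validationmethods=http-01")],
    "example.org": [(0, "iodef", "mailto:security@example.org")],
    "example.edu": [(128, "futuretag", "x"), (0, "issue", "letsencrypt.org")],
}

def relevant_caa(name, zone):
    """Climb from name toward the root; return the first non-empty CAA
    RRset and its owner (the RFC 8659 'relevant resource record set')."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if zone.get(owner):
            return owner, zone[owner]
    return None, []

def may_issue(name, zone, ca=LETSENCRYPT):
    """Return (allowed, owner_of_policy, reason) for a non-wildcard name."""
    owner, records = relevant_caa(name, zone)
    if not records:
        return True, None, "no CAA records found"
    for flags, tag, _ in records:
        # Critical bit (128) on a tag the CA does not understand blocks issuance.
        if flags & 128 and tag.lower() not in KNOWN_TAGS:
            return False, owner, f"critical unknown tag {tag!r}"
    # Parameters after ';' (accounturi, validationmethods) are ignored here,
    # although they can restrict issuance further.
    issuers = [v.split(";", 1)[0].strip().lower()
               for _, tag, v in records if tag.lower() == "issue"]
    if not issuers:
        return True, owner, "CAA present but no issue property"
    if ca in issuers:
        return True, owner, f"{ca} is authorized"
    return False, owner, f"issue lists only {issuers}"

if __name__ == "__main__":
    for host in ("shop.example.com", "www.example.net", "example.org",
                 "go.example.edu", "example.io"):
        print(host, may_issue(host, ZONE))
```

Replace `ZONE` with the CAA answers for your own hostname and each of its parent names to apply the same check to your domain.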
ClearFront uses Let's Encrypt to issue SSL certificates on your behalf. If everything else fails, the problem most likely lies in the Let's Encrypt domain validation. We suggest running a check for your domain with the Let's Debug tool.
If Let's Debug is still not able to find any issues, please reach out to our Support Team through the control panel.
