Are you using DNS Certification Authority Authorization (CAA) resource records to authorize CAs to issue certificates for your domains? Do you need to authorize DigiCert to issue certificates for your domains?
If you answered yes to both questions, use these instructions to authorize DigiCert to issue certificates for your domains.
Open the CAA DNS zone file.
Contact your domain registrar for more detailed information on accessing and editing DNS records on your domains.
In the file, under $ORIGIN yourdomain, add the following lines as needed:
TLS: "issue" property tag only
If you use only the “issue” property tag, this single CAA record applies to all hosts and subdomains under your domain, including www.yourdomain, shop.yourdomain, *.yourdomain, *.shop.yourdomain, and so on.
TLS: “issue” and “issuewild” property tags
If using the “issue” and “issuewild” property tags, this CAA record applies to all hosts and subdomains under your domain, including www.yourdomain, shop.yourdomain, *.yourdomain, *.shop.yourdomain, and so on.
$ORIGIN yourdomain.com
. CAA 0 issue "digicert.com"
. CAA 0 issuewild "digicert.com"
S/MIME: "issuemail" property tag
If using the "issuemail" property tag, this single CAA record applies to all hosts and subdomains under yourdomain, including www.yourdomain, mailbox.yourdomain, and so on.
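The scoping described above (one record at the domain covering hosts, subdomains and wildcards) follows from the CAA lookup in RFC 8659 and, for "issuemail", RFC 9495: the CA climbs from the requested name toward the root and uses the first CAA record set it finds. The Python check below is an added example, not DigiCert's code; the yourdomain.example zone data and otherca.example are constructed placeholders, and CNAME handling and the critical flag are left out by assumption.

```python
# Added example: evaluates constructed CAA data the way a CA's lookup would.
# Constructed sample: CAA record sets keyed by owner name, as (flags, tag, value).
SAMPLE_ZONE = {
    "yourdomain.example": [
        (0, "issue", "digicert.com"),
        (0, "issuewild", "digicert.com"),
        (0, "issuemail", "digicert.com"),
    ],
    # A subdomain with its own CAA record set no longer inherits the parent's.
    "shop.yourdomain.example": [(0, "issue", "otherca.example")],
}


def relevant_rrset(name, zone):
    """Climb from name toward the root; the first non-empty CAA set applies."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":          # wildcard: start the lookup at the parent name
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []


def ca_authorized(name, ca, zone, purpose="tls"):
    """True if `ca` may issue for `name`; purpose is "tls" or "smime"."""
    rrset = relevant_rrset(name, zone)
    tags = {tag for _, tag, _ in rrset}
    if purpose == "smime":
        wanted = "issuemail"
    elif name.startswith("*.") and "issuewild" in tags:
        wanted = "issuewild"      # issuewild replaces issue for wildcard names
    else:
        wanted = "issue"          # issue also covers wildcards if no issuewild
    values = [value for _, tag, value in rrset if tag == wanted]
    if not values:
        return True               # no record of this type: issuance unrestricted
    # Parameters may follow ';'. A bare ";" names no issuer and forbids issuance.
    return any(v.split(";")[0].strip().lower() == ca.lower() for v in values)


if __name__ == "__main__":
    for host in ("www.yourdomain.example", "*.yourdomain.example",
                 "shop.yourdomain.example", "*.shop.yourdomain.example"):
        print(host, ca_authorized(host, "digicert.com", SAMPLE_ZONE))
```

Running it shows the case the wording above does not cover: once shop.yourdomain.example publishes its own CAA record set, the digicert.com record at the parent stops applying to it and to *.shop.yourdomain.example.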
Complete the CAA record check
Contact DigiCert Support to complete the certificate CAA record check for the domain.