SOLVED How do I activate SSL on my host site?

Team Dawes

@joseph-benguira ,
Thanks for the advice.

I added them:
CAA Record toolk.it.com 0 issue "amazon.com"

CAA Record toolk.it.com 0 issuewild "amazon.com"

Team Dawes

I did what you suggested. There's a reply from me waiting in your queue.
I came back to this site and it said it was waiting to post the certificate.
I came back 15 minutes later and got this:

You need to add this CNAME in your domain provider to validate the SSL certificate
CNAME Key: _d561c9638c05688b1795fa9aa1bd438d
CNAME value: _3e06a47c5dda9fa14e0778be51a41984.xlfgrmvvlj.acm-validations.aws.

which again is already in my CNAME.

Joseph Benguira

@team-dawes said in How do I activate SSL on my host site?:

_d561c9638c05688b1795fa9aa1bd438d

I can see the DNS verification is OK
but AWS ACM still return an error when generating your certificate:
"FailureReason":"CAA_ERROR"

I've checked if you added the CAA records, and it seems they are not there, you can check it here:
https://dnschecker.org/#CAA/toolk.it.com

Team Dawes

Hey Joseph, I think I have it all set up.
And the site isn't showing at all.

What needs to happen?

Joseph Benguira

@team-dawes issue is the CAA record seems not propagated as you can see here:
https://dnschecker.org/#CAA/toolk.it.com

Team Dawes

@joseph-benguira, yes, I get that the CAA record hasn't propagated. I check it every day, a couple of times a day.
What's my next step?
How do I get it to propagate?

Joseph Benguira

@team-dawes you have to contact your registrar, it should be propagated in few hours, not taking days. Only the registrar can help with that.

Another option is to use cloudflare:
https://support.appdrag.com/doc/Use-CloudFlare-and-Activate-SSL

Team Dawes

@joseph-benguira , if this issue comes down to - who provides SSL for my website
why don't I just use SSL from NameCheap? They give me SSL when I buy a domain.

Questions:

1. Can I turn on the SSL at Namecheap and use that even though they won't be hosting my website?
2. If I do turn on the SSL at NameCheap, can I still use connect to Appdrag?
3. If I'm not using SSL from Amazon, then
   Do I still need the CNAME record for AWS?
   Do I still need the CAA Records?

Team Dawes

@joseph-benguira ,
OK, toolk.it.com is up and discoverable, I believe.
I'm not sure where the SSL is coming from. I have SSL from Namecheap.
Should I be using that?

Joseph Benguira

@team-dawes No you can't use SSL from namecheap since they are not doing the hosting process, only alternative is Cloudflare because they offer a free reverse proxy system including SSL termination

or go back to step 1, fix your DNS CAA record
https://dnschecker.org/#CAA/toolk.it.com

for that please ask help to your registrar, or migrate to Cloudflare they will handle your nameservers