When connecting your domain to HubSpot, SSL for your domain will be provisioned automatically. However, in some cases, an error may occur.
To troubleshoot your SSL:
- In your HubSpot account, click the settings icon settings in the main navigation bar.
- In the left sidebar menu, navigate to Domains & URLs.
- At the top, identify the error. Then, follow the respective troubleshooting steps below.
There was a problem issuing the SSL certificate for <www.yourdomain.com>
HubSpot is unable to issue the SSL for the subdomain because it, or its parent domain, has a Certificate Authority Authorization (CAA) record which doesn’t include Digicert. To resolve this, you'll need to edit your CAA record or add a CAA record for your root domain.
To troubleshoot this issue:
- In your DNS provider, access your CAA record.
- Edit the CAA record to include Digicert with a flag, a tag, and a value:
- flag: 0
- tag: issue
- value: digicert.com
The record should read: 0 issue ‘digicert.com’
Once you add Digicert to the CAA record for the root domain, HubSpot will attempt to provision SSL within four hours. If this error has been present for more than 30 days, HubSpot will not automatically provision SSL after the CAA record is updated. Please contact HubSpot support if it's been more than 30 days since the error appeared.
The SSL certificate for www.yourdomain.com couldn't be validated
HubSpot couldn't validate the SSL certification for your domain. There are three possible causes, which will be indicated in the error message details:
The domain does not have a Whois email
The domain is not currently associated with an email address in the Whois email registry, and HubSpot is unable to send the SSL validation email. To troubleshoot this:
- Log in to your DNS provider and navigate to the records for the domain.
- Edit your Whois email.
- In HubSpot, click Click here to confirm you own this domain. This will send a validation email to your updated email address.
- Open the email in your inbox to confirm that you own the domain. HubSpot will then provision the SSL certification for this domain.
If you're unable to update your Whois email, contact support for an alternative SSL pre-provisioning method.
The domain requested for validation is not valid
Please update your CNAME record for this domain
www.yourdomain.com has been marked as potentially unsafe by Google
Google maintains a list of URLs that contain malware or phishing. If the domain you are connecting matches any domain in this list, HubSpot cannot provision SSL. If you have Google Search Console, an alert will appear in the domain’s security issues report.
www.yourdomain.com has been marked as potentially unsafe by PhishTank
PhishTank is an anti-phishing site that maintains a list of URLs with potential malware or phishing scams. If the domain you are connecting matches any domain in this list, HubSpot cannot provision SSL for your domain. If your domain does not include malware or phishing scams, report a false positive to PhishTank.
We were unable to validate www.yourdomain.com
There is an unknown issue when attempting to provision SSL for your subdomain. Please contact HubSpot support.