Skip to content

Troubleshoot SSL certificate errors

Last updated: June 13, 2023

Available with any of the following subscriptions, except where noted:

All products and plans

When connecting your domain to HubSpot, SSL for your domain will be provisioned automatically. However, in some cases, an error may occur.

To troubleshoot your SSL:

  • In your HubSpot account, click the settings settings icon in the main navigation bar.
  • In the left sidebar menu, navigate to Website > Domains & URLs.
  • At the top, identify the error. Then, follow the respective troubleshooting steps below.

There was a problem issuing the SSL certificate for <www.yourdomain.com>

HubSpot is unable to issue the SSL for the subdomain because it, or its parent domain, has a Certificate Authority Authorization (CAA) record which doesn’t include Google Trust Services. To resolve this, you'll need to edit your CAA record or add a CAA record for your root domain.

To troubleshoot this issue:

  • In your DNS provider, access your CAA record.
  • Edit the CAA record to include Google Trust Services with a flag, a tag, and a value:
    • flag: 0
    • tag: issue
    • value: pki.goog

The record should read: 0 issue ‘pki.goog’

Once you add Google Trust Services to the CAA record for the root domain, HubSpot will attempt to provision SSL within four hours. If this error has been present for more than 30 days, HubSpot will not automatically provision SSL after the CAA record is updated. Please contact HubSpot support if it's been more than 30 days since the error appeared.

The SSL certificate for www.yourdomain.com couldn't be validated

HubSpot couldn't validate the SSL certification for your domain. There are three possible causes, which will be indicated in the error message details:

The domain does not have a Whois email

ssl-whois

The domain is not currently associated with an email address in the Whois email registry, and HubSpot is unable to send the SSL validation email. To troubleshoot this:

  • Log in to your DNS provider and navigate to the records for the domain.
  • Edit your Whois email.
  • In HubSpot, click Click here to confirm you own this domain. This will send a validation email to your updated email address.
  • Open the email in your inbox to confirm that you own the domain. HubSpot will then provision the SSL certification for this domain.
If you're unable to update your Whois email, contact support for an alternative SSL pre-provisioning method.

The domain requested for validation is not valid

ssl-domain-request-not-valid

HubSpot is unable to reach the subdomain. Ensure your CNAME record is entered correctly in your DNS provider. If this has been done correctly, please contact HubSpot support.

Please update your CNAME record for this domain

ssl-update-cname

The subdomain does not have a CNAME record pointing to HubSpot. If believe you’ve set up your CNAME record correctly, please contact HubSpot support. 

www.yourdomain.com has been marked as potentially unsafe by Google

ssl-google-unsafe

Google maintains a list of URLs that contain malware or phishing. If the domain you are connecting matches any domain in this list, HubSpot cannot provision SSL. If you have Google Search Console, an alert will appear in the domain’s security issues report.

To resolve this, submit a request to Google for a review of your affected page, or contact HubSpot support for further assistance.

www.yourdomain.com has been marked as potentially unsafe by PhishTank

ssl-phishtank

PhishTank is an anti-phishing site that maintains a list of URLs with potential malware or phishing scams. If the domain you are connecting matches any domain in this list, HubSpot cannot provision SSL for your domain. If your domain does not include malware or phishing scams, report a false positive to PhishTank.

We were unable to validate www.yourdomain.com

ssl-unable-to-validate

There is an unknown issue when attempting to provision SSL for your subdomain. Please contact HubSpot support.

The SSL certificate for www.yourdomain.com couldn't be activated with Cloudflare.

ssl- errors

Your domain has been blocked by Cloudflare. To resolve this, click Email Support in the banner, which will open a pre-filled email to abusereply@cloudflare.com. Communicate with the team to resolve the error. 

Was this article helpful?
This form is used for documentation feedback only. Learn how to get help with HubSpot.