Troubleshoot SSL certificate errors
Last updated: April 12, 2024
Available with any of the following subscriptions, except where noted: All products and plans
When connecting your domain to HubSpot, SSL for your domain will be provisioned automatically. However, in some cases, an error may occur.
To troubleshoot your SSL:
- In your HubSpot account, click the settings icon in the top navigation bar.
- In the left sidebar menu, navigate to Content > Domains & URLs.
- At the top, identify the error. Then, follow the respective troubleshooting steps below.
There was a problem issuing the SSL certificate for <www.yourdomain.com>
HubSpot is unable to issue the SSL certificate for the subdomain because it, or its parent domain, has a Certification Authority Authorization (CAA) record that doesn't include Google Trust Services. To resolve this, you'll need to edit your CAA record or add a CAA record for your root domain.
To troubleshoot this issue:
- In your DNS provider, access your CAA record.
- Edit the CAA record to include Google Trust Services with a flag, a tag, and a value:
  - flag: 0
  - tag: issue
  - value: pki.goog
The record should read: 0 issue "pki.goog"
Once you add Google Trust Services to the CAA record for the root domain, HubSpot will attempt to provision SSL within four hours. If this error has been present for more than 30 days, HubSpot will not automatically provision SSL after the CAA record is updated. Please contact HubSpot support if it's been more than 30 days since the error appeared.
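Why a parent domain's CAA record can block a subdomain, as an added example (not HubSpot's code): certificate authorities look up CAA by climbing from the requested name toward the root and applying the first record set they find, as specified in RFC 8659. The Python below applies that rule to constructed records for the reserved example domains; the function names and zone data are assumptions made for illustration.

```python
# Added example: CAA data below is constructed; no live DNS queries are made.
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

CONSTRUCTED_ZONE = {  # owner name -> [(flag, tag, value), ...]
    "example.com": [(0, "issue", "letsencrypt.org"),
                    (0, "iodef", "mailto:security@example.com")],
    "example.org": [(0, "issue", "letsencrypt.org"), (0, "issue", "pki.goog")],
    "example.net": [(0, "issuewild", "pki.goog")],
}

def relevant_caa(name, zone):
    """Climb from name toward the root; the first non-empty CAA set applies."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if zone.get(owner):
            return owner, zone[owner]
    return None, []

def issuer_allowed(name, issuer, zone):
    """Return (allowed, owner of the deciding record set) for a non-wildcard name."""
    owner, records = relevant_caa(name, zone)
    # An unrecognized tag with the critical bit (128) set blocks issuance.
    if any(flag & 128 and tag.lower() not in KNOWN_TAGS for flag, tag, _ in records):
        return False, owner
    issue_values = [value for _, tag, value in records if tag.lower() == "issue"]
    if not issue_values:
        # No CAA set, or none with an "issue" property: non-wildcard issuance is unrestricted.
        return True, owner
    # Value is "<issuer domain>[; parameters]"; a bare ";" authorizes no issuer.
    allowed = {value.split(";", 1)[0].strip().lower() for value in issue_values}
    return issuer.lower() in allowed, owner

if __name__ == "__main__":
    for host in ("www.example.com", "www.example.org", "www.example.net"):
        print(host, issuer_allowed(host, "pki.goog", CONSTRUCTED_ZONE))
```

In the constructed data, www.example.com is refused because the record set at example.com lists only another issuer, which is the situation this error describes.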
The SSL certificate for www.yourdomain.com couldn't be validated
HubSpot couldn't validate the SSL certificate for your domain. There are three possible causes, which will be indicated in the error message details:
The domain does not have a Whois email
The domain is not currently associated with an email address in the Whois email registry, and HubSpot is unable to send the SSL validation email. To troubleshoot this:
- Log in to your DNS provider and navigate to the records for the domain.
- Edit your Whois email.
- In HubSpot, click Click here to confirm you own this domain. This will send a validation email to your updated email address.
- Open the email in your inbox to confirm that you own the domain. HubSpot will then provision the SSL certificate for this domain.
The domain requested for validation is not valid
HubSpot is unable to reach the subdomain. Ensure your CNAME record is entered correctly in your DNS provider. If this has been done correctly, please contact HubSpot support.
Please update your CNAME record for this domain
The subdomain does not have a CNAME record pointing to HubSpot. If you believe you've set up your CNAME record correctly, please contact HubSpot support.
www.yourdomain.com has been marked as potentially unsafe by Google
Google maintains a list of URLs that contain malware or phishing. If the domain you are connecting matches any domain in this list, HubSpot cannot provision SSL. If you have Google Search Console, an alert will appear in the domain’s security issues report.
To resolve this, submit a request to Google for a review of your affected page, or contact HubSpot support for further assistance.
www.yourdomain.com has been marked as potentially unsafe by PhishTank
PhishTank is an anti-phishing site that maintains a list of URLs with potential malware or phishing scams. If the domain you are connecting matches any domain in this list, HubSpot cannot provision SSL for your domain. If your domain does not include malware or phishing scams, report a false positive to PhishTank.
We were unable to validate www.yourdomain.com
There is an unknown issue when attempting to provision SSL for your subdomain. Please contact HubSpot support.
The SSL certificate for www.yourdomain.com couldn't be activated with Cloudflare.
Your domain has been blocked by Cloudflare. To resolve this, click Email Support in the banner, which will open a pre-filled email to abusereply@cloudflare.com. Communicate with the team to resolve the error.