How to check if SSL certificate is issued

What is the Problem?

After creating a container in the JENTIS DCP, customers may face uncertainty about whether the certificate for their subdomain has been successfully issued. The process of issuing the SSL certificate is crucial for secure communication between the server and users. However, customers might not be sure how to verify if the certificate has been issued correctly, leading to confusion and concern.

What is the Solution?

One of the most common problems why certificates are not issued is, that the DNS-Server does not allow certificate issuance from Let’s Encrypt. Therefore, CAA-Records have to be set in the DNS-Settings.

A Certification Authority Authorization (CAA) record is used to specify which certificate authorities (CAs) are allowed to issue SSL certificates for a domain. Setting up a CAA record in your DNS is essential to control the certificate issuance process and allow Let's Encrypt to issue SSL certificates for your domain. In this tutorial, we'll guide you through the steps to add a CAA record to your DNS settings.

Prerequisites:

1. Access to your domain's DNS settings through your domain registrar or hosting provider's control panel.

Step 1: Locate DNS Settings

1. Log in to your domain registrar or hosting provider's website.

2. Navigate to the control panel or domain management section.

3. Look for the "DNS settings" or "DNS management" option for the domain you want to set up the CAA record.

Step 2: Add CAA Record

1. In the DNS management section, find the option to add a new record. This may be labeled "Add Record," "Add DNS Record," or similar, depending on your provider.

2. Select "CAA" from the dropdown menu. The CAA record is specifically used for controlling certificate issuance.

3. Enter the hostname: This is the part of the domain name that precedes the main domain. For example, if your domain is "example.com ," and you want to set up the CAA record for the subdomain "subdomain.example.com," then enter "subdomain" in the hostname field.

4. Enter the CAA value: The CAA value is a string that specifies which certificate authorities are allowed to issue SSL certificates for your domain. To allow Let's Encrypt, you can use the following CAA value:

   CODE

   0 issue "letsencrypt.org"

   This value allows Let's Encrypt to issue SSL certificates for your domain. If you want to specify other CAs or multiple CAs, you can add additional lines with the respective CAA values.

5. Set the TTL (Time to Live): TTL determines how long the DNS information is cached. The default value is usually fine, but you can adjust it if needed.

6. Save the record: Once you've filled in the necessary details, click "Save" or "Add Record" to create the CAA record.

Step 3: Verify the CAA Record

1. To ensure that the CAA record has been set correctly, use online DNS lookup tools or command-line tools like "dig" or "nslookup" to check the CAA record of your domain.

2. Perform a CAA record query for your domain to see if the CAA value you added is correctly associated with your domain.

3. The CAA record should now be in effect and allow Let's Encrypt to issue SSL certificates for your domain.

Check if the SSL certificate for the subdomain has been successfully issued:

Log in to the JENTIS DCP using your credentials. Once logged in, navigate to the "Containers" section. Locate the container for which you want to check the SSL certificate issuance status. Click on the container to view its details. In the container details page, find the subdomain you’ve set the DNS-A-Record for and copy the URL.

Open a new tab in your browser window and paste the subdomain into the URL bar and press “Enter”. After entering the page, you will possibly see a little lock-icon right next to the URL bar. This icon shows, that your site connection is secure and the certificate has been issued successfully.

When entering the “Certificate is valid” pop-up, you can also see, that the certificate is issued by “Let’s Encrypt”

If your certificate has not been issued successfully, you will see “Your connection to this site is not secure”.

If you see this message, please contact the JENTIS Helpdesk for further assistance on the topic.

Summary:

By following this tutorial, you have successfully set up a CAA record in your DNS settings to allow Let's Encrypt to issue SSL certificates for your domain. This helps control the certificate issuance process and adds an extra layer of security to your domain. Remember that DNS changes may take some time to propagate globally, so it may take a short while before your CAA record is fully functional.