Documentation
An SSL certificate for a domain has failed to generate or renew
Check For Redirects #
This is especially important if you're using a proxy CDN like CloudFlare.
The SSL certificate provisioning process ensures that each and every domain that you have linked to your project is able to respond with a predefined string when requested.
The string for each domain and subdomain is different. This means that if you have a redirect set up in a proxy CDN, redirecting traffic from www.test.com to test.com, an incorrect verification string will be returned because the wrong domain is being queried!
To prevent this from happening you can add a redirect exception for any URL paths beginning with .well-known.
In CloudFlare this might look like:
![](https://images.servd.host/production/Screenshot-from-2020-01-21-21-21-48.png?w=1200&q=82&auto=format&fit=crop&dm=1616150266&s=7f791e1fb4c83a5d302dda1f1dcca441)
Because CloudFlare will only match against one PageRule, the match against .well-known will always take precedence over the redirect to the non-www domain, effectively creating a redirect exception.
(The rule to set the 'Cache Level' to 'Standard' is just to get the PageRule to save, it can be set to anything inconsequential.)
Check for AAAA Records #
If your DNS records contain any AAAA records for the domain being validated, remove them. Servd does not currently support IPv6 addressing for its inbound traffic.