SSL disaster.... External DNS (Wix, yes barf I know)

I am helping a friend switch from Wix (where he was hosting AND has domain reg.) to Dreamhost (Wordpress site)… Wix apparently does not allow name servers to be modified, so we went the route of modifying the A records to point to the proper Dreamhost IP. Ok cool. Except, we did the usual next step I’ve done with every other site I host on dreamhost and added the Let’s Encrypt SSL cert.

Alas… after hours of it being stuck, I searched and found this warning box in the DH knowledgebase:
“If your Nameservers are NOT hosted at DreamHost, you must add CAA records at your current DNS hosting company before adding an SSL certificate in the DreamHost panel.”

Ok so I went on the quest to add the CAA records on Wix… They don’t support CAA records.

So now this new site is stuck as DH attempting to give it an SSL, when it won’t work, and I am unable to “remove” the cert as it is still in “Order Processing” 5+ hours later.

Any advice?

I have several domains that don’t use DH’s name-servers and DH is able to add Let’s Encrypt certs. The domains have A records pointing to the DH web host (both www and no-www), and there are no CAA records.

The warning you found is unclear. The help page about CAA is more explicit and says that CAA records are not required:

https://help.dreamhost.com/hc/en-us/articles/360029281672-CAA-policy-records

So, maybe the problem isn’t the CAA records? DH Support should be able to help.

1 Like
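Added example (not part of the thread and not DreamHost's or Let's Encrypt's code): a sketch of the CAA decision a CA makes under RFC 8659, showing why a domain with no CAA records at all can still get a Let's Encrypt certificate, as the reply above reports. The zone data, domain names and function names are constructed for illustration; `letsencrypt.org` is Let's Encrypt's CAA issuer identifier.

```python
# Constructed sample data: CAA RRsets keyed by owner name, as (flags, tag, value).
# All names and records are hypothetical; no DNS queries are made.
SAMPLE_CAA = {
    "pinned.example": [(0, "issue", "digicert.com")],
    "open.example": [(0, "iodef", "mailto:sec@open.example")],
    "locked.example": [(0, "issue", ";")],
    "wild.example": [(0, "issue", "letsencrypt.org"), (0, "issuewild", ";")],
    "crit.example": [(128, "futuretag", "x")],
}
# Assumption: tags this sketch "understands"; a real CA may recognise more.
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_rrset(fqdn, zone):
    """Climb from fqdn toward the root; the first non-empty CAA RRset wins."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []

def issuer_domain(value):
    """Issuer domain from a property value, dropping any ';param=...' part."""
    return value.split(";", 1)[0].strip().lower()

def may_issue(fqdn, ca, zone):
    """Return (allowed, reason) for CA identifier `ca` and certificate name `fqdn`."""
    wildcard = fqdn.startswith("*.")
    owner, rrset = relevant_rrset(fqdn[2:] if wildcard else fqdn, zone)
    if not rrset:
        return True, "no CAA records anywhere in the tree: any CA may issue"
    # Critical bit (0x80) on a tag the CA does not understand blocks issuance.
    if any(flags & 0x80 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False, f"unrecognised critical property at {owner}"
    issue = [issuer_domain(v) for _, t, v in rrset if t.lower() == "issue"]
    wild = [issuer_domain(v) for _, t, v in rrset if t.lower() == "issuewild"]
    # issuewild overrides issue for wildcard names and is ignored otherwise.
    allowed = wild if (wildcard and wild) else issue
    if not allowed:
        return True, f"CAA at {owner} has no issue property: issuance unrestricted"
    if ca.lower() in allowed:
        return True, f"{ca} authorized by CAA at {owner}"
    return False, f"CAA at {owner} does not authorize {ca}"

if __name__ == "__main__":
    for name in ("www.friend.example", "www.pinned.example", "*.wild.example"):
        print(name, may_issue(name, "letsencrypt.org", SAMPLE_CAA))
```

To inspect the records a real domain publishes, `dig CAA <domain>` at each level of the name returns the RRsets this logic walks through.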

The “Order Processing” is the issue and can be fixed by DH Support (send a ticket in Panel).

You only require CNAME records.

I’d suggest that your friend considers transferring the domain registration to DreamHost as well. I think they still give you a year’s domain credit to cover the transfer cost.