Could not provision a Let’s Encrypt certificate for your custom domain

Hi,

we are having problems deploying an SSL certificate for our custom domain myuntha-stage.px.at for the site untha-portal-2021-stage.

The verification step works without problems, but in the second step (Provision certificate), we are getting the error “We could not provision a Let’s Encrypt certificate for your custom domain.”

Our DNS configuration looks like this; we are using Route53 as our DNS provider:

Hi, @pixelart. The issue in this case is that there are CAA type DNS records blocking anyone but amazon.com from creating SSL certificates for this domain (or any of its subdomains):

myuntha-stage.px.at.	300	IN	CAA	0 issue "amazon.com"

You will need to delete or modify that CAA record above in order for Let’s Encrypt to be able to provision an SSL certificate for this domain.

Let’s Encrypt has more documentation about this here:

This topic on the Let’s Encrypt support forums also has a great example of the required records:

If you have other questions or if you still cannot get an SSL certificate provisioned after updating the CAA record, please let us know.

I had an existing domain on Hover and used to run my website from a self-hosted Hetzner VPS. But during the past decade, the website and my server had become a mess. I wanted to start using a static site generator and to make deployment easier.

hi mitchela, this seems unrelated - and we’re probably best able to answer if we know the actual question :slight_smile: would you mind starting a new thread with a bit more information so we can assist?

Thank you, that fixed it. Our CAA record is now:

0 issue "amazon.com"
0 issue "letsencrypt.org"
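Added example, not part of the thread and not code from Netlify or Let’s Encrypt: a small offline check of whether a CA may issue for a name given its CAA records, run against the record set before and after the fix above. It assumes the zone-file line format quoted in the thread, uses constructed zone text, and covers only the `issue` tag for non-wildcard names (no `issuewild`, critical-flag, or CNAME handling).

```python
import re

# Constructed zone data in the thread's record format (name TTL IN CAA flags tag "value").
BEFORE = 'myuntha-stage.px.at.\t300\tIN\tCAA\t0 issue "amazon.com"'
AFTER = BEFORE + '\nmyuntha-stage.px.at.\t300\tIN\tCAA\t0 issue "letsencrypt.org"'

CAA_LINE = re.compile(r'^(\S+)\s+\d+\s+IN\s+CAA\s+(\d+)\s+(\w+)\s+"([^"]*)"\s*$', re.I)

def parse_zone(text):
    """Return {owner name: [(flags, tag, value), ...]} for every CAA line."""
    zone = {}
    for line in text.splitlines():
        m = CAA_LINE.match(line.strip())
        if m:
            name, flags, tag, value = m.groups()
            zone.setdefault(name.lower().rstrip("."), []).append(
                (int(flags), tag.lower(), value))
    return zone

def relevant_rrset(zone, fqdn):
    """Climb from fqdn toward the root; the first name with CAA records wins."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if name in zone:
            return name, zone[name]
    return None, []

def may_issue(zone, fqdn, ca_domain):
    """True if ca_domain may issue a non-wildcard certificate for fqdn."""
    _, rrset = relevant_rrset(zone, fqdn)
    issue = [value for _, tag, value in rrset if tag == "issue"]
    if not issue:
        return True  # no issue property in the relevant set: not restricted
    # Parameters after ';' are ignored here; an empty issuer name matches no CA.
    allowed = {value.split(";")[0].strip().lower() for value in issue}
    return ca_domain.lower() in allowed

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        zone = parse_zone(text)
        for ca in ("amazon.com", "letsencrypt.org"):
            print(label, ca, may_issue(zone, "myuntha-stage.px.at", ca))
```

Because the lookup climbs toward the root, a record on `myuntha-stage.px.at` also governs names beneath it unless they publish their own CAA set.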