Hi, @huckbit, I found one more issue.
The DNS record is pointing to the apex/bare/root domain (
netlify.app) and not the site subdomain:
iverb.huckbit.com. 300 IN CNAME netlify.app.
That is a problem because then the CAA records for our domain apply:
$ dig iverb.huckbit.com CAA +noall +answer
; <<>> DiG 9.10.6 <<>> iverb.huckbit.com CAA +noall +answer
;; global options: +cmd
iverb.huckbit.com. 299 IN CNAME netlify.app.
netlify.app. 1799 IN CAA 128 issue "globalsign.com"
netlify.app. 1799 IN CAA 128 iodef "mailto:email@example.com"
This prevents the SSL certificate from being provisioned. Please change that record to this:
iverb.huckbit.com. 300 IN CNAME iverb.netlify.app.
Once that is done, the SSL certificate provision should work. If not, please let us know.