My Redirect (RDR) record has an invalid SSL certificate

In some cases, after creating a Redirect (RDR) DNS record, you might run into an issue where the domain that was supposed to be redirected is not configured with a working SSL certificate. This article tries to help you understand what caused this and how to fix it.

The certificate is currently being issued

If you just created the Redirect record, it's possible that the certificate is currently being issued. It can take from a few seconds to a few minutes for the SSL to fully activate.

The record was created before Bunny DNS was fully active

If a Redirect (RDR) DNS record was created before the domain name was fully pointing to Bunny DNS, it could be that the certificate authority was unable to successfully validate your domain. This means Bunny DNS would not be able to issue the certificate.

If this is the case, we recommend removing and recreating the Redirect record. If the DNS is now fully pointing to Bunny DNS, the certificate should issue within a few minutes.

CAA records are blocking Let's Encrypt from issuing a certificate

If your domain is configured with a custom CAA security record, Let's Encrypt might be unable to issue the certificate on your behalf. In this case, we suggest using a Pull Zone with a redirect Edge Rule instead and issuing your own certificate for the domain.

Other issues with Let's Encrypt

bunny.net uses Let's Encrypt to issue SSL certificates on your behalf. If everything else fails, the issue with the SSL certificate likely lies within the Let's Debug validation. We suggest running a check for your domain with the Let's Debug Tool.

If Let's Debug is still not able to find any issues, please reach out to our Support Team through the control panel.

Table of Contents

Was this article helpful?
0 out of 0 found this helpful