Vercel + Clerk auth

Hi, we have deployed our Next.js app to Vercel and added a custom domain to it (we configured CNAME to cname.vercel-dns.com and verified our domain with custom TXT record). Nothing unusual.

We have implemented our authentication with Clerk library (https://clerk.com/), but after we wanted to configure Clerk for production, we’re getting this message:

Issue SSL certificates

Clerk is now issuing the SSL certificates for this domain. You do not need to do anything until this process is complete.
SSL certificates Pending
A CAA record blocks issuance of the SSL certificate, please add 'letsencrypt.org' or 'pki.goog' to the CAA records or remove them entirely.

My DNS setting is looking like this:

|OUR_SECRET_DOMAIN.|21600|IN|CNAME|cname.vercel-dns.com.|
|---|---|---|---|---|
|cname.vercel-dns.com.|1800|IN|CAA|0 issue globalsign.com|
|cname.vercel-dns.com.|1800|IN|CAA|0 issue letsencrypt.org|
|cname.vercel-dns.com.|1800|IN|CAA|0 issue sectigo.com|

I contacted Clerk support - they recommended to remove CAA records. Unfortunately they (Clerk team) cannot remove them, as well as my domain provider does not have an access to these CAA records.

What should we do to have both deployed app on Vercel and working authorization (Clerk)?

Expected behavior:

We would like to have functional Clerk in the production env.

Thank you for any kind of help!

Best,

Lukas S.

Fortunately Clerk support was able to manually add SSL certificate.

Please, you can mark this as done. Thank you and have a nice day!

Thanks for coming back and sharing the solution, @thai-saimai!

Hi!

I have the same issue, is contacting the support the current solution?

Currently, yes unfortunately. We are working to try to close out the bug that occasionally causes this SSL cert issue to happen, but in the meantime if it does impact you, reach out to Clerk support and we should be able to resolve it for you in a day or less.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.