Google Managed SSL Certificate / CAA support?

[Jon]

Hello,

I am attempting to provision a google manage ssl certificate for my domain, however I am stuck in the `FAILED_CAA_FORBIDDEN` state:

I have attempted to allow google to provision SSL certificates by adding

xxx.          60      IN      CAA     0 issue "pki.goog"

to my DNS entries for my domain, but the error has not cleared.

Is there any supported intersection of CAA records I can add... or does the google managed SSL certificate system not support CAA records at this time?

[mebad...@google.com]

By Google manage SSL certificate, do you mean that you obtained the certificate using one of the following steps from the document[1]

[1]https://support.google.com/domains/answer/7630973?hl=en 

This error usually means that one or more domain names have failed validation due to a Certification Authority Authentication (CAA) error, check your CAA DNS records. If you receive this error after your Google managed Certificate request has been successfully validated, you must update your CAA records and request a certificate again.

As per my knowledge, Cloud DNS supports CAA records, see the attached link [2] for more details 

[2]https://cloud.google.com/dns/docs/overview#supported_dns_record_types

Also, check this link[3] on how to configure CAA record in google.

[3]https://www.techrepublic.com/article/how-to-add-a-certificate-authority-authorization-record-in-google-domains/ 

Are you using  Google or third-party Domain hosting?

[Jon]

Yes the important part is that google managed ssl certificates appear to be using lets encrypt at the moment.

60 IN CAA 0 issue "letsencrypt.org"