Short.io provides SSL certificates for short links for free. After adding a domain to Short.io, you need to wait up to one hour until HTTPS for short URLs is activated.

Sometimes SSL certificate cannot be activated, due to an issue with domain configuration. When setting up a short domain for Short.io, A-records that point to Short.io IP addresses take place.

Along with A-records, a Certification Authority Authorization (CAA) record may also be listed. Adding CAA into a domain setup is not mandatory; however, certain companies choose to utilize it.

Sometimes, CAA records may interrupt a correct configuration of the SSL-certificate on Short.io.

A Certification Authority Authorization (CAA) record designates the specific certificate authorities (CAs) permitted to issue a certificate for a given domain. If no CAA record is specified, any certificate authority is allowed.

CAA records can set policy for the entire domain or subdomains. Subdomains inherit values of CAA records. Therefore, a CAA record set on a short domain also applies to any subdomain, such as subdomain.short.domain. To set allowance for another CA for subdomain.short.domain, a separate CAA record must be added.

To allow the issuance of an SSL certificate for a given short domain to a certificate authority, you should add a CAA record to the domain in your Registrar's settings.

It takes up to one hour until HTTPS for short URLs is activated.

For more information on CAA records please refer to: https://support.dnsimple.com/articles/caa-record/

Sometimes, your Let's Encrypt CAA record might fail the certification checks for various reasons. In these situations, we can transition to ZeroSSL provided that an additional ZeroSSL CAA record is also included as a backup.

Create a second CAA record to prevent failures:

<your-domain-name> CAA 0 issue "zerossl.com"