I’m trying to map a Firebase Hosting app to a custom domain. I’ve followed this process more than 40 times on other apps but for some reason, this site just isn’t playing ball.

In Firebase Hosting I’ve added the custom domain and validated the domain with a txt record. Google Webmaster Central is showing that the domain has been validated and I'm a verified owner. I then added the a- record and this has fully propagated (added over 7 days ago). It is definitely the correct IP address.

TXT record google-site-verification=K4i4LrHOe9pcXXUbcanyZ_IUsz1E5Sq2kjR6c9Yn4H0 shown on https://www.whatsmydns.net/#TXT/kingston.ac.uk

A-record shown on https://www.whatsmydns.net/#A/experience.kingston.ac.uk and this is working as the site loads when you bypass the security error.

Firebase has switched to saying the custom domain is “Pending” but normally the SSL is provisioned within an hour or two. It’s been stuck at this stage for 7 days and Firebase Support have not responded to my support ticket for more than 4 days now.

I tried removing the custom domain and added it again but it didn't make any difference.

Thanks!

CodePudding user response：

It turns out the reason the SSL wouldn't provision was that the domain was utilising CAA records that restricted SSL provisioning to certain CA providers. Once CAA records had been added to the sub-domain as follows it was provisioned within minutes.

experience.kingston.ac.uk.  IN  CAA 0 issue "pki.goog"
experience.kingston.ac.uk.  IN  CAA 0 issue "letsencrypt.org"
experience.kingston.ac.uk.  IN  CAA 0 issuewild ";"