Loading

The SSL Status for my Account Engagement Tracker Domain (CNAME) shows as "Error" or "Processing"

Fecha de publicación: Nov 3, 2025
Descripción
SSL certificates are automatically renewed before expiring. If you make changes to your DNS that could impact the domain, we recommend cross-checking in the Domain Management section of Account Engagement that SSL is still showing verified. Below are some possible steps for resolution if you notice that your Account Engagement's tracker domain's SSL Status is in an Error state or in Processing for too long.

Note: Account Engagement tracker domain can only use the 3rd-party service "Let's Encrypt" to configure SSL certificates. 
Solución

1) Check your CNAME record first. This record is like a digital street sign that directs traffic from your tracker domain (like go.yourcompany.com) to the correct Salesforce server.

  • Go to your DNS Provider (the company that manages your domain, if you are not sure, speak with your IT network team or hosting provider).

  • Find the CNAME record for your tracker domain. You can also use third party tools like Google Admin Toolbox Dig or MXToolbox to look up any existing CNAME record for your tracker domain (enter your tracker domain into the search bar).

  • Make sure the record is pointed correctly to the required go.pardot.com (see documentation for more details. If it is wrong or missing, fix it now.

  • The CNAME entry is used for initial setup of the tracker domain, as well as the redirect process. It is necessary for SSL refresh, and should remain in your domain’s DNS system indefinitely. If your CNAME record entry has been removed or altered, the refresh will fail, even though the domain still shows as validated.

 

2) Check your CAA record. The CAA record controls which company (Certificate Authority) is allowed to issue an SSL certificate for your domain. Account Engagement uses Let's Encrypt.

  • If your root domain (the main part, e.g. yourcompany.com) has any CAA records, you must include an entry for Let's Encrypt.

  • You can use third party tools like Google Admin Toolbox Dig to search for any existing CAA records on your root domain (enter your root domain into the search bar).

  • Ask your IT network team to add a CAA record to your root domain for “letsencrypt.org”.

 

3) Wait 30 Minutes and Re-check the Status in Account Engagement Domain Management. After updating your CNAME or CAA records, you must wait about 30 minutes for the change to spread across the internet.

 

4) If the status is still 'Processing' after 24 hours, log a support case.

  • Open a Support Case with Salesforce.

  • Include your Tracker Domain Name (e.g., go.yourcompany.com).

  • Confirm in the case description that Steps 1 and 2 from this article (CNAME and CAA checks) are complete and correct.

 

Número del artículo de conocimiento

000380950

 
Cargando
Salesforce Help | Article