If your custom domain is registered in HeySummit but visitors see a certificate or secure-connection error, your DNS may have Certificate Authority Authorization (CAA) records that do not allow the certificate authority used for the domain.
When this applies
You only need to check CAA records if your domain already has one or more CAA records. If your domain has no CAA records, this article is usually not relevant.
Add the Google Trust Services CAA record
Google Trust Services documents the CAA value needed to authorize certificate issuance as:
Type: CAA
Name: @, or the host your DNS provider requires for the affected domain
Value: 0 issue "pki.goog"
DNS providers format CAA records differently. If your provider has separate fields, choose the issue tag and enter pki.goog as the CA domain name.
Keep the HeySummit validation records
In HeySummit, go to Event Setup > Settings > Event Domain and make sure the domain also has the required CNAME record pointing to fallback.heysummit.com. If HeySummit shows TXT records for domain ownership or certificate validation, add those exact TXT records too.
Refresh the domain status
After updating DNS, wait for the records to propagate, then return to Event Domain and refresh the custom domain status. If the domain still does not validate, check whether CAA records exist on the parent domain or anywhere in the CNAME chain, because those records can also affect certificate issuance.
