When you create a survey account, you will receive a ".freshsurvey.io" domain by default, which is automatically enabled with an SSL certificate. However, if you use a custom domain (for example, survey.yourcompany.com) for your survey account, you need to verify the domain and add DNS records in the DNS manager to enable SSL certificate. 

Freshworks renews and updates the SSL certificates for your survey account URL every 45 days to ensure uninterrupted service. However, sometimes SSL certificate renewal may fail due to the following reasons:

IssueSteps to resolve

An issue with your DNS mapping,

Map the given CNAME records to your custom domain with your DNS provider. Once the DNS mapping is successfully completed, your certificate will be renewed.

An issue with the authorities of your CAA record

This happens when CAA record is set in your DNS provider, but the values do not include letsencrypt.org or pki.goog.

Please add a CAA record for letsencrypt.org or pki.goog in your DNS provider.
Unknown issuesSometimes, the reasons for SSL renewal failure could be unknown or due to Geo-location blocking. To resolve the Geo-location blocking issue:
  • Preferred method: Allow all traffic on HTTP/TCP Port 80 for request path /.well-known/acme-challenge/ from all regions

  • Alternative way:  Avoid Geoblocking and Firewall rules based on specific regions.
If the issue persists, contact Freshsurvey support.

Note: Freshworks is migrating to the Cloudflare for SSL certificates, supporting the latest HTTPS standards. After migration, if your SSL certificate renewal fails, you will receive an error message on your account requiring immediate action to prevent portal inaccessibility. You will also be notified on your registered email ID.