CAA records in your DNS restrict which CA can issue a certificate for this domain name.

Explanation:
https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum

https://sslmate.com/caa/
Let’s Encrypt:
CAA     0 iodef “mailto:abuse@example.com”
CAA     0 issuewild “letsencrypt.org”

ZeroSSL:
CAA     0 iodef “mailto:abuse@example.com”
CAA     0 issuewild “sectigo.com”

Comodo:
CAA     0 iodef “mailto:abuse@example.com”
CAA     0 issuewild “comodo.com”

DirectAdmin for name server settings:
Configure directadmin.conf with dns_caa=1.