Attempts to renew SSL certificate say domain isn't served by Netlify

robflaherty · August 30, 2022, 2:35pm

I have 4 Netlify sites on the same domain—1 on the primary, 3 on subdomains—and I received emails saying that automatic renewal of the SSL cert for all had failed.

When I try renewing manually through the Netlify admin I consistently get a “[domain] doesn’t appear to be served by Netlify” message.

I use external DNS. These sites have been running on Netlify for years and there have been no recent DNS changes.

In reviewing the DNS settings I saw that I was pointing to possibly outdated values for the CNAMES (netlify.com instead of 'netlify.app`) and that Netlify now seemed to use a new load balance IP for the A record. I updated those yesterday. Today I’m still getting the message that Netlify doesn’t think it’s serving these sites. Everything looks propagated and no issues shown on letsdebug.net

The primary domain is parsnip.io . That maps to this Netlify site: https://heuristic-ardinghelli-95719f.netlify.app

One of the subdomains is scrolldepth.parsnip.io . That maps to https://awesome-kare-ea1571.netlify.app

Any help much appreciated!

elden · September 1, 2022, 5:29am

HI @robflaherty

Welcome to the community!

When I look at the domains tab for your account, I see another domain listed (as registered externally) but not parsnip.io. This being the case, I think the first thing to try is to remove the custom domain here…:

and add it back again. Would you mind giving that a shot and letting is know how it goes?

robflaherty · September 1, 2022, 1:14pm

Hi @elden,

Thanks for looking at it! I removed the custom domain from the site and added it back but it didn’t appear to resolve it. It still says “parsnip.io doesn’t appear to be served by Netlify” and shows the certificate expiring in 4 days. The “Renew Certificate” button no longer shows.

I hadn’t noticed the Domains tab. Is that only for domains using Netlify’s DNS? My domains all use external DNS.

Thanks again!
Rob

hrishikesh · September 4, 2022, 11:19am

Hey @robflaherty,

Did you check your DNS settings? I cannot see any Netlify records for your domain:

> dig +short A parsnip.io
>> 104.21.96.3
>> 172.67.150.25
> dig +short CNAME www.parsnip.io
>> <empty>

Neither the A records nor the CNAME records are correctly setup? Did you try clicking on “Check DNS configuration” option in the UI?

robflaherty · September 5, 2022, 1:32pm

Hi @hrishikesh,

The DNS settings were correct but I’ve moved the sites to Cloudflare. The problem appeared to be on the Netlify end and it didn’t seem it would be resolved before the certificates expired.

fool · September 7, 2022, 11:10pm

OK. Do you still want our help with anything?

In most conditions, we can provision certificates no matter who is hosting DNS; I can’t tell what was happening with your site when you wrote in, only that our internal DNS lookups failed to show that we hosted the site even back on 2 Sep, is why that banner is/was showing in the UI.

Perhaps you had some “AAAA” records configured already, that weren’t pointing to Netlify? (there is no AAAA record that you can use that points to Netlify, and when this happens, our UI isn’t always the best at informing you that we saw it.)