Hi, @smaher, I’m not able to update the SSL certificate because the process tries to provision for all custom domains and fails if even a single custom domain check fails.
I do see the working DNS record for
```
$ dig staging.app.akita.software +noall +answer
; <<>> DiG 9.10.6 <<>> staging.app.akita.software +noall +answer
;; global options: +cmd
staging.app.akita.software. 59 IN CNAME staging--akita-superstar.netlify.app.
staging--akita-superstar.netlify.app. 19 IN A 22.214.171.124
staging--akita-superstar.netlify.app. 19 IN A 126.96.36.199
```
For the primary custom domain (app.akita.software), the DNS record doesn’t point to Netlify so the SSL certificate provisioning fails:
```
$ dig app.akita.software +noall +answer
; <<>> DiG 9.10.6 <<>> app.akita.software +noall +answer
;; global options: +cmd
app.akita.software. 599 IN CNAME 7ae283fe-superstar-reportu-52c9-245783648.us-west-2.elb.amazonaws.com.
7ae283fe-superstar-reportu-52c9-245783648.us-west-2.elb.amazonaws.com. 59 IN A 188.8.131.52
7ae283fe-superstar-reportu-52c9-245783648.us-west-2.elb.amazonaws.com. 59 IN A 184.108.40.206
7ae283fe-superstar-reportu-52c9-245783648.us-west-2.elb.amazonaws.com. 59 IN A 220.127.116.11
7ae283fe-superstar-reportu-52c9-245783648.us-west-2.elb.amazonaws.com. 59 IN A 18.104.22.168
```
We need all custom domains and all branch subdomains to have DNS configured and working before we can create the SSL certificate. Behind the scenes, we are using the same APIs that the Let’s Encrypt certbot uses.
Are you not wanting to switch DNS until the SSL certificate is in place?
If so, you can run certbot on whatever system that load balancer is pointing to. This will let you get the SSL certificate from Let’s Encrypt for app.akita.software. You can then upload that to Netlify as a custom SSL certificate and then move the DNS to point to Netlify. The SSL certificate will be the custom certificate you created with certbot.
Then, once that is in place, I can make a new automatic SSL certificate with Let’s Encrypt and our service which also includes the branch subdomain. The new certificate would then be used and we will automatically update it from there.
Alternatively, if you don’t mind the SSL not working for a time, then you can just change the DNS without any SSL certificate and once both DNS records point to Netlify, then we can provision the automatic SSL certificate.
As always, if there are any questions we will be happy to answer. We are happy to proceed with whichever solution you prefer.
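
A pre-flight check for the condition described in the reply above, as an added example that is not part of the original post or Netlify's own tooling: it parses `dig NAME +noall +answer` output and fails if any name's CNAME chain does not end at a `*.netlify.app` host. It assumes every name is a subdomain configured by CNAME; the function names and the `RESOLVER` variable are hypothetical.

```shell
#!/bin/sh
# Pre-flight before certificate provisioning: every name must CNAME to
# *.netlify.app. Added example; function names and RESOLVER are hypothetical.

dig_answer() { dig "$1" +noall +answer; }   # live lookup (default resolver)

# Offline fixture: records copied from the dig output quoted in the post.
sample_answer() {
  case "$1" in
    staging.app.akita.software) cat <<'EOF'
; <<>> DiG 9.10.6 <<>> staging.app.akita.software +noall +answer
staging.app.akita.software. 59 IN CNAME staging--akita-superstar.netlify.app.
staging--akita-superstar.netlify.app. 19 IN A 22.214.171.124
EOF
    ;;
    app.akita.software) cat <<'EOF'
app.akita.software. 599 IN CNAME 7ae283fe-superstar-reportu-52c9-245783648.us-west-2.elb.amazonaws.com.
7ae283fe-superstar-reportu-52c9-245783648.us-west-2.elb.amazonaws.com. 59 IN A 188.8.131.52
EOF
    ;;
  esac
}

# cname_target NAME: reads dig answer lines on stdin, follows the CNAME
# chain from NAME and prints the final hostname (NAME itself if no CNAME).
cname_target() {
  awk -v name="${1%.}." '
    $1 !~ /^;/ && $3 == "IN" && $4 == "CNAME" { cname[tolower($1)] = tolower($5) }
    END {
      cur = tolower(name)
      # Bounded walk so a CNAME loop cannot hang the check.
      for (i = 0; i < 16 && (cur in cname); i++) cur = cname[cur]
      print cur
    }'
}

# preflight NAME...: returns non-zero if any name does not end at Netlify.
preflight() {
  _resolver="${RESOLVER:-dig_answer}"; _rc=0
  for _name in "$@"; do
    _target="$("$_resolver" "$_name" | cname_target "$_name")"
    case "$_target" in
      *.netlify.app.) echo "ok   $_name -> $_target" ;;
      *)              echo "FAIL $_name -> $_target"; _rc=1 ;;
    esac
  done
  return "$_rc"
}

if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Run it with `RESOLVER=sample_answer` to use the embedded records instead of live DNS; an empty or NXDOMAIN answer is reported as a failure because the name then resolves only to itself.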