Cannot provision Let's encrypt certificate for apex domain

Hi there,

We’re trying to get our site to work with a custom domain. We’re using an external domain registrar and we would like to keep our DNS management over there. Some info:

Site is Custom domain is

We’ve set as the primary domain in Netlify, and redirects to the primary domain.

Our DNS settings are as follows:
A record


Verify DNS configuration does succeed, but after that we keep getting the “We could not provision a Let’s Encrypt certificate for your custom domain.” error in the UI when trying to provision the certificate.

We have another site in Netlify which lives on a subdomain of, and that does work:

Netlify site
Domain: (set as primary domain for the site)
DNS record:


Any help is appreciated.


Update: We’ve reverted back to our old DNS settings (we’re moving from another host to Netlify) for now, to avoid SSL certificate errors, until further notice. If needed we can restore the settings described above.

Hi, @niels_bankai. I checked the logging for the SSL provisioning and this is the error:

Unable to verify challenge for Invalid response from [2a03:3c00:a002:179::1008]: 404

That is an IPv6 IP address above: 2a03:3c00:a002:179::1008. I can confirm that DNS record still exists:		3600	IN	AAAA	2a03:3c00:a002:179::1008

That DNS record must be deleted in order for the SSL provisioning at Netlify to succeed. If there are other questions or if that doesn’t resolve the issue, please let us know.

Hi Luke,

Thanks for the help. It was indeed the AAAA records that was causing the problem. Seems to work fine now.

Thanks again,


1 Like

Thanks for coming back and letting us know! Happy building :rocket:

1 Like