Cannot provision Let's Encrypt certificate for apex domain

Hi there,

We’re trying to get our site to work with a custom domain. We’re using an external domain registrar and we would like to keep our DNS management over there. Some info:

Site is bankai-v3.netlify.app. Custom domain is bankai.eu.

We’ve set www.bankai.eu as the primary domain in Netlify, and bankai.eu redirects to the primary domain.

Our DNS settings are as follows:

bankai.eu.
A record
75.2.60.5

www
CNAME
bankai-v3.netlify.app.

Verify DNS configuration does succeed, but after that we keep getting the “We could not provision a Let’s Encrypt certificate for your custom domain.” error in the UI when trying to provision the certificate.

We have another site in Netlify which lives on a subdomain of bankai.eu, and that does work:

Netlify site bankai-storybook.netlify.app
Domain: styleguide.bankai.eu (set as primary domain for the site)
DNS record:

styleguide
A-record
75.2.60.5

Any help is appreciated.

Niels.

Update: We’ve reverted back to our old DNS settings (we’re moving from another host to Netlify) for now, to avoid SSL certificate errors, until further notice. If needed we can restore the settings described above.

Hi, @niels_bankai. I checked the logging for the SSL provisioning and this is the error:

Unable to verify challenge for bankai.eu: Invalid response from http://bankai.eu/.well-known/acme-challenge/87B8MxilgNi90FkKZmGHi2m3P_4kcevfvQYA0T7IVlY [2a03:3c00:a002:179::1008]: 404

That is an IPv6 IP address above: 2a03:3c00:a002:179::1008. I can confirm that DNS record still exists:

bankai.eu.		3600	IN	AAAA	2a03:3c00:a002:179::1008

That DNS record must be deleted in order for the SSL provisioning at Netlify to succeed. If there are other questions or if that doesn’t resolve the issue, please let us know.
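An added example (not part of the original thread, and not Netlify's tooling): a pre-flight check over dig-style output that flags any apex address record not pointing at the new host before certificate provisioning is retried. The function names and the TTL on the sample A line are assumptions; the addresses are the ones quoted in this thread.

```python
import ipaddress

# Constructed sample: dig-style answer lines for the apex, built from the
# records quoted in this thread (the TTL on the A line is made up).
SAMPLE_ANSWER = """\
bankai.eu.		3600	IN	A	75.2.60.5
bankai.eu.		3600	IN	AAAA	2a03:3c00:a002:179::1008
"""

def parse_address_records(answer_text):
    """Return [(name, rtype, ip)] for the A/AAAA lines in dig-style output."""
    records = []
    for line in answer_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue  # skip blank lines and dig comment lines
        if len(fields) >= 5 and fields[2] == "IN" and fields[3] in ("A", "AAAA"):
            records.append((fields[0].rstrip(".").lower(), fields[3],
                            ipaddress.ip_address(fields[4])))
    return records

def http01_preflight(answer_text, name, expected_ips):
    """Flag address records for `name` that do not point at the new host.

    Assumption: expected_ips is the full set of addresses the new host
    publishes for this name (in this thread, only 75.2.60.5).
    """
    expected = {ipaddress.ip_address(ip) for ip in expected_ips}
    name = name.rstrip(".").lower()
    mine = [r for r in parse_address_records(answer_text) if r[0] == name]
    stale = [(rtype, str(ip)) for _, rtype, ip in mine if ip not in expected]
    # Let's Encrypt connects over IPv6 first when an AAAA record exists, so a
    # stale AAAA alone is enough to send the challenge request to the old host.
    v6 = [str(ip) for _, rtype, ip in mine if rtype == "AAAA"]
    v4 = [str(ip) for _, rtype, ip in mine if rtype == "A"]
    first_hop = (v6 or v4 or [None])[0]
    return {"stale": stale, "validator_first_hop": first_hop,
            "ready": bool(mine) and not stale}

if __name__ == "__main__":
    print(http01_preflight(SAMPLE_ANSWER, "bankai.eu", ["75.2.60.5"]))
```

Feeding it the output of `dig bankai.eu A` and `dig bankai.eu AAAA` after each DNS change shows whether a leftover record from the previous host would still receive the challenge request.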

Hi Luke,

Thanks for the help. It was indeed the AAAA records that were causing the problem. Seems to work fine now.

Thanks again,

Niels.


Thanks for coming back and letting us know! Happy building :rocket:
