Cannot provision SSL certificate – DNS verification failed for damiano.im

Support
1

Hi everyone,

I’ve been trying to set up my custom domain damiano.im with Netlify, and everything works except the SSL certificate provisioning.

Netlify keeps showing the following error when I try to enable HTTPS:

DNS verification failed
damiano.im doesn’t appear to be served by Netlify.
We can’t provision a certificate until your DNS configuration is pointing at the Netlify servers and the changes have propagated.

Here is my current setup:

  • damiano.im is set as the primary domain on Netlify
  • www.damiano.im is added as a domain alias
  • The site is deployed via GitHub and works correctly at https://www.damiano.im
  • However, https://damiano.im is stuck with no SSL

My DNS records on Namecheap are as follows:

Type: A
Host: @
Value: 75.2.60.5
TTL: Automatic

Type: A
Host: @
Value: 99.83.229.126
TTL: Automatic

Type: CNAME
Host: www
Value: damianoim.netlify.app.
TTL: Automatic

I am not using Netlify DNS. The above DNS settings were updated more than 24 hours ago.

What I’ve tried so far:

  • Verified DNS propagation globally
  • Double-checked all DNS records
  • Removed and re-added the domain in Netlify
  • Tried clicking “Provision certificate” again

Is there something I’m missing? Do I need to remove a DNS zone from Netlify or reset anything?

Thanks in advance for your help.
Damiano

2

Hi @damiandrake0,

Thanks for reaching out! Welcome to Netlify’s Support Forums.

Looking at the site, I see you have a Netlify DNS Zone setup.

However, you’re not using Netlify’s Name servers mentioned here.

dig damiano.im NS +trace | tail -n 6
;; Received 98 bytes from 193.62.157.66#53(ns4.ja.net) in 131 ms

damiano.im.		1800	IN	NS	dns1.registrar-servers.com.
damiano.im.		1800	IN	NS	dns2.registrar-servers.com.
;; Received 98 bytes from 2610:a1:1025::200#53(dns2.registrar-servers.com) in 40 ms

Currently the DNS Zone is inactive, and one of the issues with an inactive DNS Zone is that it can cause issues with the SSL certificate being provisioned.

We have a Support Guide on inactive DNS Zones, the issues they cause, how to detect one and how to fix it:

Additionally, I see you do have External DNS configured:

host damiano.im
damiano.im has address 75.2.60.5
damiano.im has address 99.83.229.126

host www.damiano.im
www.damiano.im is an alias for damianoim.netlify.app.
damianoim.netlify.app has address 100.28.201.155
damianoim.netlify.app has address 34.234.106.80
damianoim.netlify.app has IPv6 address 2600:1f18:16e:df00::65
damianoim.netlify.app has IPv6 address 2600:1f18:16e:df02::65

The easiest option to fix this issue would be to remove the Netlify DNS Zone here:

This will remove the Netlify DNS Zone which is one solution for fixing an inactive DNS Zone issue.

Let us know if you have any questions.

3

Hi Melvin,

Just wanted to update that everything is now working perfectly!
The solution was to switch my domain to use Netlify’s DNS instead of external DNS from my registrar (Namecheap).

Here’s what I did:

  • Removed the inactive Netlify DNS zone.
  • Re-enabled Netlify DNS properly from the domain settings.
  • Updated the nameservers in Namecheap to point to Netlify’s (dns1.p01.nsone.net, etc).
  • Waited for DNS propagation (~1–2 hours in my case).
  • Once active, the Let’s Encrypt SSL certificate was provisioned automatically.

Now both damiano.im and www.damiano.im are working with HTTPS.
Thank you so much for the help and clear guidance!

Cheers,
Damiano

1 Like