Hello Netlify Team,
I’m experiencing an issue with my custom domain setup. My Netlify site name is https://sage-melba-29e866.netlify.app/, and the custom domain is sociallisteningco.com.
Here’s the problem:
The domain sometimes works in browsers, but most of the time it doesn’t.
An error window often appears, stating that DNS verification failed.
I’ve checked the DNS records where I purchased the domain, removed and re-added the domain in Netlify, and waited for days for the SSL certificate to propagate. Despite this, the issue persists.
Occasionally, the SSL certificate appears to be in order, and other times it does not (see screenshot attached).
Steps I’ve taken so far:
Verified DNS records with the domain registrar.
Removed and re-added the custom domain in Netlify.
Waited for the SSL certificate to propagate.
Tried troubleshooting with the Netlify chatbot, but no resolution was found.
I’ve attached a screenshot showing:
The SSL certificate error.
I’d appreciate any assistance or advice to resolve this issue and ensure the domain works consistently across all browsers.
Thank you!
Best regards,
Pat
luke
December 20, 2024, 12:56am
Hi, @Patricia_Fernandez. There are two A records for the apex domain and one is not Netlify’s:
```
sociallisteningco.com. 600 IN A 75.2.60.5
sociallisteningco.com. 600 IN A 99.83.190.102
```
So, if you connect to 75.2.60.5, it works:
```
$ curl --compressed -svo /dev/null --stderr - --connect-to sociallisteningco.com:443:75.2.60.5 https://sociallisteningco.com/ | egrep '^(<|>|\* Connected)'
* Connected to 75.2.60.5 (75.2.60.5) port 443
> GET / HTTP/2
> Host: sociallisteningco.com
> User-Agent: curl/8.7.1
> Accept: */*
> Accept-Encoding: deflate, gzip
>
< HTTP/2 200
< accept-ranges: bytes
< age: 0
< cache-control: public,max-age=0,must-revalidate
< cache-status: "Netlify Edge"; fwd=miss
< content-encoding: gzip
< content-type: text/html; charset=UTF-8
< date: Fri, 20 Dec 2024 00:53:52 GMT
< etag: "6fbeaf883aeb851d5d0039018c5e34db-ssl-df"
< server: Netlify
< strict-transport-security: max-age=31536000
< vary: Accept-Encoding
< x-nf-request-id: 01JFGRWZW4QS6MHJA6HA2V8T2A
<
```
However, if you connect to the 99.83.190.102 IP address, it gives errors:
```
$ curl --compressed -svo /dev/null --stderr - --connect-to sociallisteningco.com:443:99.83.190.102 https://sociallisteningco.com/
* Connecting to hostname: 99.83.190.102
* Trying 99.83.190.102:443...
* Connected to 99.83.190.102 (99.83.190.102) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
} [326 bytes data]
* CAfile: /etc/ssl/cert.pem
* CApath: none
* LibreSSL/3.3.6: error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error
* Closing connection
```
The solution for this would be to delete the A record for 99.83.190.102. Once that is done, only 75.2.60.5 will be used and the errors should stop.
If that does not work or if there are any questions, please let us know.
1 Like
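The check from the answer above, generalised to every A record of a domain, as an added example that is not part of the original thread. The function names and the embedded sample are constructed for illustration, and 75.2.60.5 is taken as the expected address because it is the one the answer reports as working.

```shell
#!/bin/sh
# Added example: find A records that point somewhere other than the expected
# address, then probe each address separately with curl --connect-to.

# Constructed sample: the two answer lines quoted in the reply,
# in the format printed by `dig +noall +answer A <domain>`.
SAMPLE_ANSWER='sociallisteningco.com. 600 IN A 75.2.60.5
sociallisteningco.com. 600 IN A 99.83.190.102'

# a_records: read dig-style answer lines on stdin, print one IPv4 per line.
# CNAME or other record types in the answer are ignored.
a_records() {
  awk '$3 == "IN" && $4 == "A" { print $5 }' | sort -u
}

# stray_records EXPECTED...: read addresses on stdin and print every one
# that is not in the EXPECTED list (these are the records to remove).
stray_records() {
  while read -r ip; do
    found=0
    for want in "$@"; do
      if [ "$ip" = "$want" ]; then found=1; fi
    done
    if [ -n "$ip" ] && [ "$found" -eq 0 ]; then printf '%s\n' "$ip"; fi
  done
}

# probe HOST IP: send the HTTPS request to one specific address while keeping
# HOST for SNI and the Host header. Needs network access; not run on load.
probe() {
  if curl -so /dev/null --max-time 10 --connect-to "$1:443:$2" "https://$1/"; then
    printf '%s ok\n' "$2"
  else
    printf '%s FAILED\n' "$2"
  fi
}

# Live use (assumes dig and curl are installed):
#   dig +noall +answer A sociallisteningco.com | a_records | stray_records 75.2.60.5
#   dig +noall +answer A sociallisteningco.com | a_records |
#     while read -r ip; do probe sociallisteningco.com "$ip"; done
```

With round-robin A records a client may pick either address on each connection, so a stray record shows up as an intermittent failure rather than a constant one.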