Custom domain stuck provisioning SSL certificate for hours (migrated from Wix)

Hello Netlify team,

My custom domain has been stuck on “Currently provisioning your Let’s Encrypt certificate” for several hours.

Here is the situation:

• DNS is fully propagated worldwide and correctly points to Netlify (confirmed with DNS checker)
• Domain was previously used on Wix and had an expired SSL certificate
• Wix is fully removed and no old A records remain
• There is no option to “Disable HTTPS” in the UI
• Clicking “Renew certificate” does not resolve the issue
• The site works on the netlify.app subdomain

I believe the SSL certificate is stuck and needs a manual reset/re-provisioning on your side.

Thank you in advance.

Hello there,

I understand the frustration involved in the custom domain getting stuck while the Let’s Encrypt SSL certificate for that custom domain is being provisioned. So, according to what you’ve told me, the DNS for the site seems to be set right, the website works fine under the subdomain with the extension of netlify.app.

Some steps to be followed to resolve the situation include:

1. Double-check DNS

For external DNS: You must have the A record pointing to your apex domain (example.com) at 75.2.60.5 and the www subdomain (www.example.com) pointing somewhere else, which has a CNAME record pointing to [sitename].netlify.app

For Netlify DNS: Verify that your registrar is using the correct name servers for Netlify.

2. Troubleshooting potential blockers

Verify if there are any CAA records that may prohibit Let’s Encrypt from issuing a certificate.

If you have AAAA/IPv6 records for your apex domain, remove these since they conflict with the load balancer of Netlify.

Ensure that there are no left-over old A records from the previous hostings. If DNSSEC is enabled, disable it for domains hosted by Netlify.

3. Retry certificate issuance

Go to Settings > Domain management > HTTPS in the Netlify dashboard.

Click on the Renew certificate and make sure that all “Force HTTPS” switches are correctly set.

Let Netlify automatically retry the issuance (it retries every 10 minutes for 24 hours, then hourly for 2 more days).

However, in case the certificate is still not issued even after this, it could be a situation where Netlify support will have to re-provision the certificate for us. And, as a matter of fact, since your netlify.app subdomain is already working, your site is already live, and as such, you are only concerned about HTTPS for your custom domain.

Hope this helps get your site fully secured!

Best regards,

Thanks for the guidance.

I’ve double-checked my DNS configuration and can confirm the following:

• No CAA records are present
• No AAAA / IPv6 records exist
• No leftover A records from previous hosting
• DNSSEC is disabled
• DNS only contains:
  • A records to 75.2.60.5 and 99.83.190.102
  • CNAME www → lightdaktcg.netlify.app
• DNS is fully propagated worldwide
• The site works correctly on the netlify.app subdomain

After confirming all of the above, the certificate is still stuck on
“Currently provisioning your Let’s Encrypt certificate”.

Could you please re-provision / reset the SSL certificate on your side?

Domain: lightdark.com.br
Site name: lightdaktcg

Thank you.

Hi, @Light_Dark. You did not follow the instructions.

That is not a correct DNS configuration above. The IP address 99.83.190.102 is not used by Netlify. It has never been used by Netlify.

LLM tools are not smart and lie as well. ChatGTP will lie to you and tell you that 99.83.190.102 is Netlify’s IP address. It is not.

Do not believe what ChatGTP tells you. ChatGTP is a liar. Never trust an LLM.

So, the reason that SSL was not working is that the instructions were not followed and the DNS configuration was not correct. If you would have deleted the A record for 99.83.190.102, that was all that was needed to resolve this.

I see you have since move the domain to other hosting. However, if there are follow-up questions, please let us know.