Hey,
Site name: corbyfellas.netlify.app
So my corbyfellas.io domain transfer I did some time ago. The DNS appears to have propagated but the SSL still says waiting for propagation. When I manually press verify it always succeeds.
I can’t help but think something is stuck processing? Is that possible?
Many Thanks,
Mark Everett
Hi @markeverett 
, Welcome to the forums. Your DNS is showing that it’s managed externally. Sorry to hear you are experiencing issues with your DNS propagation. Many DNS issues fix themselves with a little patience, and if it has not yet been 48 hours we will likely ask you to wait before we investigates. I recommend you give this support guide a read and see if it gets you unblocked.
Hey,
Based on my experience I would say that something is definitely stuck as the DNS name server change propagated a long time ago now. If you can look at this it would be appreciated.
Thanks,
Mark
Hi,
The problem is because your domain corbyfellas.io is not resolving anywhere. You’ve delegated hollybush.corbyfellas.io to Netlify, but the apex domain still doesn’t resolve anywhere. So, when lets Encrypt tries to provision an SSL, it tries to lookup CAA records for corbyfellas.io. Since the domain doesn’t resolve, the lookup fails and provisioning fails.
I’d advise you to make sure your apex domain resolves somewhere.
I changed the nameservers to Netlify and I see it in Netlify DNS?
I can add the apex to Netlify but I don’t want the root domain to resolve to anything I only want the subdomain to work initally.
Having issues with Apple AASA and trying to test without a root domain.
Like I mentioned, you delegated the subdomain to Netlify, not the apex domain.
Like I said, that’s not required.
That’s exactly the problem. The apex needs to resolve to something for Lets Encrypt to scan the CAA records of the domain.
OR, I guess you can try adding a CAA record for the subdomain with the value 0 issue "letsencrypt.org"? I don’t know if this will work, but worth a shot.