DNS propagation problem? SSL certificate error

I have the custom domain www.bluemountainsprinklers.com pointed to new-blue-mountain.netlify.app. I just updated my domain settings through Hover.com to point to the Netlify name servers (dns1.p05.nsone.net, etc…). The Netlify site loads, but the SSL certificate fails.
In my Netlify control panel domain settings, I see that DNS verification failed. https://httpstatus.io/ shows a 200 for the non-HTTPS URL, and the following error when testing the HTTPS version:

Error message
Hostname/IP does not match certificate's altnames: Host: www.bluemountainsprinklers.com. is not in the cert's altnames: DNS:*.netlify.com, DNS:netlify.com

Is this something I need to wait on, or is there a problem with my configuration?


Edit: Also, any tips on how to troubleshoot problems like this would be greatly appreciated!

@grizfan Hmm, your settings look correct, but your site is loading over http.

Have you tried clicking the Refresh button in your Netlify dashboard to see if that clears up the issue?

FWIW, I checked a site that I’ve had for years with an SSL certificate, and this service showed it as not being secure even though it is.

Thanks for the quick response. I think I might be rushing things a bit. I suspect I’m still in the transition state for my domain changes, and will check back in 2021 :smile:

It did turn out to be a timing issue. I checked the site this morning, and everything is working as expected.

I’ll add “being more patient” to my list of resolutions for 2021 :smile:

Hi, @grizfan. You are not alone as this is a frequently asked question here at Netlify. We have an entire support guide devoted to this topic for exactly this reason:

I can only guess that some of the previous DNS records were cached because of TTL and that they naturally expired over time. The current TTL is 3600 seconds (1 hour) and I’m guessing the previous NS records had a similar TTL as well. If so, it could have taken as long as an hour to update (or more - as the delay depends on the previous TTL, not the new TTL).

If there are other questions about this, please let us know.
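
For the troubleshooting question in the first post, an added example (not part of the thread and not Netlify tooling): it parses the altnames error quoted above and applies the certificate name-matching rule to show why `*.netlify.com` does not cover the custom domain. The function names are made up for this example, and `live_sans` is an optional live check that needs network access.

```python
import re
import socket
import ssl

# Error text as quoted in the first post (from httpstatus.io).
ERROR = ("Hostname/IP does not match certificate's altnames: "
         "Host: www.bluemountainsprinklers.com. is not in the cert's altnames: "
         "DNS:*.netlify.com, DNS:netlify.com")


def normalize(name):
    """Lower-case and drop the trailing root dot so 'a.com.' equals 'a.com'."""
    return name.strip().rstrip(".").lower()


def parse_error(line):
    """Return (host, [SAN dNSName entries]) from an altnames mismatch message."""
    host = re.search(r"Host:\s*(\S+)\s+is not in", line).group(1)
    sans = re.findall(r"DNS:([^,\s]+)", line)
    return normalize(host), [normalize(s) for s in sans]


def san_matches(host, pattern):
    """RFC 6125 style match: '*' only as the whole left-most label, one label deep."""
    h, p = normalize(host).split("."), normalize(pattern).split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p


def diagnose(line):
    """Say whether the served certificate covers the requested host at all."""
    host, sans = parse_error(line)
    covered = [s for s in sans if san_matches(host, s)]
    if covered:
        return f"{host} is covered by {covered[0]}"
    return f"{host} is not covered by {sans}: the certificate was issued for other names"


def live_sans(host, port=443):
    """Optional live check (needs network): SAN list of the certificate served for host."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # keep chain validation, do the name check ourselves
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return [v for k, v in tls.getpeercert().get("subjectAltName", ()) if k == "DNS"]


if __name__ == "__main__":
    print(diagnose(ERROR))
```

Once the certificate for the custom domain is in place, feeding the output of `live_sans("www.bluemountainsprinklers.com")` to `san_matches` should return a match.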