DNS verification failed - HTTPS can't be provisioned - "is not resolvable with a resolver that validates DNSSEC"

Hello there!

I’m still new to this but have encountered a problem. I just deployed my website into netlify but noticed that, even after 24 hours had passed, I wasn’t getting the SSL/TLS certificate, and, therefore, didn’t have HTTPS access.

My domain is www.requinteaoquadrado.pt, but I also have a subdomain (requinteaoquadrado.pt). Both of these have DNS certification since I included the netlify name servers in my domain provider. After checking multiple documents and questions similar to mine, I am still to find an answer to my problem.

Following [Support Guide] How to detect and fix inactive Netlify DNS zones, I installed dig and found that my name server was “e.dns.pt” and not “nsone.net” as it should be. On the other hand, when I used the command line “whois” I verified that all my name servers corresponded to netlifies’s nameservers
(Name Server: dns1.p01.nsone.net
Name Server: dns3.p01.nsone.net
Name Server: dns4.p01.nsone.net
Name Server: dns2.p01.nsone.net) - if I did it correctly.

But I still don’t know what is actually wrong or what I have to do in order to fix this issue.

As I previously stated (on the title), the error message that appeared in my Domain Management was " www.requinteaoquadrado.pt is not resolvable with a resolver that validates DNSSEC". But, then again, what should I do to fix this issue?

Thank you in advance!

What seems to be happening here is that your domain have DNSSEC enabled from your previous nameservers.

Therefore all DNS requests will fail since the new nameservers are not signed using the public key published on the .pt registry.

You will need to reach out to your registrar and disable DNSSEC first. After it is disabled, the verification should go through (it may take 24-48 hours).

1 Like