I came to this thread after running into the "your.domain is not resolvable with a resolver that validates DNSSEC" error on a couple of my Netlify sites.
The linked troubleshooting guide says:
"To keep DNSSEC enabled, you can stop using Netlify DNS and use external DNS instead."
Except… I already am using external DNS rather than Netlify’s (which is likely what led to the problem after I switched domain registrars)? So what’s the next step here? Point my domains to some other third party DNS servers that I somehow have to acquire?
"Point my domains to some other third party DNS servers that I somehow have to acquire?"
Answering my own question here: yes, that’s the solution. What the troubleshooting guide should say is:
"you can stop using Netlify DNS and use external DNS that does not have DNSSEC enabled instead."
Merely using external DNS – which I already was – is, of course, insufficient when that external DNS is hosted by the registrar that has DNSSEC enabled.
In my case, I front-ended my site with Cloudflare without enabling DNSSEC on its config and all is well again with my auto-renewing Let’s Encrypt certs here.
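A validating resolver fails a domain when the parent zone publishes a DS record that no DNSKEY served by the domain's DNS host matches. The following is an added example (not from this thread or from Netlify) that classifies a domain by comparing the two record sets; the key, the DS record and the function names are constructed for illustration, and it checks only the DS-to-DNSKEY link, not RRSIG signatures.

```python
import hashlib
import struct

def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """Wire-format DNSKEY RDATA (RFC 4034, section 2.1)."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest_sha256(owner, rdata):
    """DS digest type 2: SHA-256 over the owner name in wire form plus the RDATA."""
    labels = owner.lower().rstrip(".").split(".")
    wire = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return hashlib.sha256(wire + rdata).hexdigest()

def classify(owner, parent_ds, child_dnskeys):
    """parent_ds: (key_tag, algorithm, digest_type, digest_hex) tuples from the parent zone.
    child_dnskeys: DNSKEY RDATA byte strings served by the DNS host."""
    if not parent_ds:
        return "insecure"  # no DS: validators treat the zone as unsigned and resolve it
    sha256_ds = [ds for ds in parent_ds if ds[2] == 2]
    if not sha256_ds:
        return "unchecked"  # this sketch only understands SHA-256 DS records
    for tag, alg, _, digest in sha256_ds:
        for rdata in child_dnskeys:
            if (rdata[3] == alg and key_tag(rdata) == tag
                    and ds_digest_sha256(owner, rdata) == digest.lower()):
                return "secure"  # DS matches a served key; RRSIGs are not checked here
    return "bogus"  # DS published, no matching key: validating resolvers return SERVFAIL

# Constructed sample data: a made-up key and the DS record derived from it.
OWNER = "your.domain"
OLD_KEY = dnskey_rdata(257, 3, 13, bytes(range(64)))
OLD_DS = (key_tag(OLD_KEY), 13, 2, ds_digest_sha256(OWNER, OLD_KEY))

if __name__ == "__main__":
    # DS still published at the parent, DNS host serves no DNSKEY (unsigned zone)
    print(classify(OWNER, [OLD_DS], []))
    # DS removed at the parent, DNS host still unsigned
    print(classify(OWNER, [], []))
    # DS and DNS host agree
    print(classify(OWNER, [OLD_DS], [OLD_KEY]))
```

For a real domain, the two inputs come from `dig DS your.domain` and `dig DNSKEY your.domain`.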
Would be really great to see this feature added. Netlify is almost perfect for our needs.