Domain config issue

[URGENT]
X - Netlify link A - https://cute-capybara-bb5bc2.netlify.app/
Y - Custom Domain Link - https://siterecon.ai
Z - Custom Domain Link with CNAME WWW - https://www.siterecon.ai

I added 2 records to my Hostinger DNS records.

  1. I configured my A record to point to Netlify LB IP Address.
  2. Added a CNAME “www” to point to X

Additionally added 2 redirects - http://siterecon.ai → Z and https://siterecon.ai → Z

Now,
Everything is good when I hit Z

But when I test asked people to try to “siterecon.ai”, they land in to an SSL error page.

When I tested the certificate on https://www.digicert.com/help/ I got this

How to fix this?

Hi @innovationchef :wave:t6: ,
Welcome to the forums! It’s possible that the SSL error is caused by a mismatch between the SSL certificate on your custom domain and the domain name that users are trying to access.

Please make sure you followed this guide on custom domains: Custom domains | Netlify Docs

Finally, if it has not been 48 hours since you updated your dns please wait as this may be a propagation issue.

What about this?

This won’t configure until dns propagation is complete.

It has been many days. How come this is still happening? Some of my users are complaining to see error screens -


Hi @innovationchef,

Checking on the DNS configuration, I see that www.siterecon.ai subdomain looks properly configured:

host www.siterecon.ai
www.siterecon.ai is an alias for cute-capybara-bb5bc2.netlify.app.
cute-capybara-bb5bc2.netlify.app has address 35.229.48.116
cute-capybara-bb5bc2.netlify.app has address 34.148.79.160
cute-capybara-bb5bc2.netlify.app has IPv6 address 2600:1f18:2489:8201::c8
cute-capybara-bb5bc2.netlify.app has IPv6 address 2600:1f18:2489:8200::c8

However, for the apex domain, siterecon.ai, I’m showing that a AAAA Record (IPv6) is configured:

host siterecon.ai
siterecon.ai has address 75.2.60.5
siterecon.ai has IPv6 address 2a02:4780:11:778:0:19d6:bcdd:1
siterecon.ai mail is handled by 1 aspmx.l.google.com.
siterecon.ai mail is handled by 10 alt4.aspmx.l.google.com.
siterecon.ai mail is handled by 10 alt3.aspmx.l.google.com.
siterecon.ai mail is handled by 5 alt2.aspmx.l.google.com.
siterecon.ai mail is handled by 5 alt1.aspmx.l.google.com.

We don’t support Pv6 when using our load balancer IP address. Please remove the IPv6 record.

Also, it looks like you’ve reached the rate limit of failed attempts at Let’s Encrypt (to learn more about LE rate limits, please see Failed Validation Limit - Let's Encrypt) . After you fix the AAAA Record (IPv6) you’ll need to wait for the rate limit hold to lift before Let’s Encrypt can renew the cert, or you can upload a custom certificate.

too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/

Let us know if you have any questions.

1 Like