I’m the owner of the site qricsstudio.com, which is hosted on Netlify. The site was working fine until April 28, but now I’m encountering the following error in Chrome:
“This site can’t provide a secure connection – ERR_SSL_PROTOCOL_ERROR”
I’ve run an SSL test using SSL Labs, and the results show that:
Some IP addresses fail to establish a secure connection.
One IP (75.2.60.5) works fine and shows an A+ rating.
The overall report warns of “Inconsistent server configuration.”
I haven’t made any changes to DNS recently, and the domain is still correctly pointing to Netlify.
What I’ve tried so far:
Re-deploying the site
Clearing browser cache and DNS
Checking DNS records (everything looks correct)
Could someone please help verify the SSL certificate status or check for any misconfiguration on Netlify’s end?
Site name: qricsstudio.netlify.app Custom domain: qricsstudio.com
Hi! It shows that you have both external DNS configured and a Netlify DNS zone set up for the same domain, you’ll likely encounter SSL certificate issuance problems. This is known as an “inactive Netlify DNS zone” issue.
In the current DNS propagation, this A record qricsstudio.com. 3600 IN A 75.2.60.5 is intended for external DNS configuration, which means you are not using Netlify nameservers. Also, I’m seeing Netlify nameservers currently propagating, meaning you enabled Netlify DNS zones.
When you have a Netlify DNS zone created but are still using external DNS (with your domain’s nameservers not pointing to Netlify), this creates a conflict that prevents proper SSL certificate provisioning. Netlify’s system gets confused about which DNS configuration to use for certificate validation.
To resolve this issue, you have two options:
Delete the inactive Netlify DNS zone if you want to continue using external DNS. This is often the simplest solution if you already have your external DNS properly configured with A records pointing to 75.2.60.5 and CNAME records for www pointing to your Netlify app URL.
Since you already enabled Netlify DNS or using Netlify nameservers, just delete the existing A records pointing to 75.2.60.5(would prefer this option)
This is a common issue that can prevent SSL certificates from being provisioned or renewed. Once you resolve the DNS configuration conflict, your SSL certificate should be issued successfully.
Once the DNS is updated, allow it to propagate and the domain will automatically synchronized with Netlify DNS. SSL will provisioned afterwards.
I also have other DNS records configured such as MX, TXT records
for email and google site analytics, etc… so
even if this is the case, can 2nd solution you suggested be the way to fix the problem?
Also, for the 1st solution you suggested, it looks like Netlify warns deleting DNS zone
as the action is reversible, so this warning kind of makes me hesitated to go ahead
and delete the DNS zone.
Here’s how the current DNS records are configured:
qricsstudio.com 3600 IN A 75.2.60.5 qricsstudio.com 3600 IN A 99.83.190.102 qricsstudio.com 3600 IN AAAA 2001:4800:7812:1::1 qricsstudio.com 3600 IN AAAA 2600:3c02::f03c:91ff:feae:bbd6 www.qricsstudio.com 3600 IN CNAME qricsstudio.com qricsstudio.com 3600 IN MX 10 mx.zoho.com qricsstudio.com 3600 IN TXT google-site-verification=...........
I have a external provider where the following nameservers are configured:
Hi, It seems you have proceeded with using Netlify DNS(Netlify nameservers). As per checking, your DNS records and site, everything appears to be secure. However, I’m a bit concerned about the A record 75.2.60.5(load-balancer) that is currently propagating. This A record is associated with the External DNS method, which is intended for cases where you are not using Netlify nameservers.
Although your site is currently live and secure, keeping this A record may cause a conflict in the future, potentially leading to DNS errors or SSL provisioning issues.
Also, there should not be a CNAME record for www pointing to your apex domain. If you’re using Netlify DNS, Netlify will automatically add the necessary DNS records for your site.
I recommend to remove unnecessary DNS records asap! Hope this helps.
My observation is that the site works fine during normal time,
but at the time the certificate is renewed (either automatically or manually),
the site goes down for hours, then comes back online. I double checked this by
manually renewing the certificate.
Because that is of course not an expected behavior, I tried deleting the A record 75.2.60.5,
and tried accessing the website. The website immediately went down. So I put them back.
Today, as you suggested, I deleted all the records (A, AAAA, CNAME records) again that are
supposedly configured by Netlify automatically if I host the site using Netlify.
Looks like the site went down again, but will continue to monitor for few hours.
Hello, it appears the issue has been resolved. The SSL has been issued and I’ma seeing site live. If you’re still experiencing errors, try clearing the cache and cookies or use different browser/incognito/private tab.
