Error when trying to provision Let's Encrypt certificate for custom domains


I could use some help with setting up a Let’s Encrypt certificate for one of my sites (gracious-lewin-733af6). I use custom domains (external .de domain and aliases). When I verify the DNS config it seems like all is in order:

DNS verification was successful

We’re ready to provision a TLS certificate from Let’s Encrypt and install it on our CDN.

But when I proceed to provision the certificate I get an error message with no further information on what went wrong:

We could not provision a Let’s Encrypt certificate for your custom domain.

When I try to open my site via HTTPS there seems to be a certificate, but for *.netlify.app, not for the actual domain, so the browser blocks the site with SSL_ERROR_BAD_CERT_DOMAIN.

I don’t know how to proceed from here, so some help would be greatly appreciated.

Hi, @ZoowaerterKarl. The issue is an AAAA type DNS record for the shortest of the apex domains added to that site (the domain name without the dash in it and no www).

Here is a DNS lookup to demonstrate (with the majority of the data redacted as you haven’t shared this information publicly so we won’t either):

$ dig +noall +answer <redacted apex domain> AAAA
<redacted apex domain> 600 IN	AAAA	2a01:<redacted hexadecimal>:b6c1

If you delete that AAAA record, it will resolve the issue and SSL provisioning should be successful. If not or if there are other questions, please reply here anytime.

Thank you, that solved the issue.
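To run the check from the answer above across every custom domain and alias before retrying provisioning, here is an added example (not part of the original thread and not Netlify's tooling). It reports AAAA records owned by the listed domains themselves and ignores AAAA records that belong to a CNAME target; the function names, `example.de` domains and addresses are constructed placeholders.

```shell
#!/usr/bin/env bash
# Report AAAA records published directly on the given custom domains.

# find_aaaa DOMAIN...  reads `dig +noall +answer` output on stdin and prints
# "name address" for each AAAA record whose owner is one of the DOMAINs.
# AAAA records reached through a CNAME have the target as owner and are skipped.
find_aaaa() {
  awk -v want="$*" '
    BEGIN { n = split(tolower(want), w, " ")
            for (i = 1; i <= n; i++) own[w[i]] = 1 }
    $3 == "IN" && $4 == "AAAA" {
      name = tolower($1); sub(/\.$/, "", name)   # drop the trailing root dot
      if (name in own) print name, $5
    }'
}

# check_domains DOMAIN...  queries live DNS (needs network access and dig).
check_domains() {
  local d
  for d in "$@"; do
    dig +noall +answer "$d" AAAA
  done | find_aaaa "$@"
}

# Constructed sample answers (documentation addresses, placeholder names).
sample_answers() {
  cat <<'EOF'
example.de.		600	IN	AAAA	2001:db8::b6c1
www.example.de.		300	IN	CNAME	cdn-target.example.net.
cdn-target.example.net.	20	IN	AAAA	2001:db8:1::5
EOF
}

if [ "$#" -gt 0 ]; then
  check_domains "$@"          # live lookup for the domains given as arguments
else
  sample_answers | find_aaaa example.de www.example.de my-example.de
fi
```

Run it with the site's domains as arguments; any line it prints is a record to review with the DNS provider before requesting the certificate again.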

