Failed to renew TLS certificate (Unable to verify challenge)

Hi,

I recently received an email from Netlify telling me that the TLS certificate has failed to be renewed for my main domain name, "jordanthiervoz.com" (Netlify domain name: jordanthiervoz.netlify.app).

In the details it says this :

“SniCertificate::CertificateNonvalidError: Unable to verify challenge for jordanthiervoz.com: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.jordanthiervoz.com - check that a DNS record exists for this domain”

This is the first time it has happened in 4 years; everything worked fine until now. The website and its subdomains can still be accessed correctly.

The domain name is registered using OVH.
In my OVH dashboard, it appears that there isn't any DNS TXT record for "_acme-challenge".
The problem is that I can't find what value to put in this record. Where could I find what the value needs to be?

I tried to follow these steps, and it seems like my DNS records are not correctly set even for the A and CNAME records (it never shows 75.2.60.5 but instead shows some other IPs).

I'm having trouble sorting this out, and I'm sadly not really skilled in domain name management.
Please note that if needed, I’m willing to transfer the domain name from OVH to Netlify in order to setup everything quickly without any trouble.

Any help would be highly appreciated! 🙂

Hi there! Looking into your DNS setup, I believe your DNS records are the issue here. When I query host jordanthiervoz.com in my terminal, I see that you have IPv6 records. If you have IPv6 records, you must use Netlify DNS on our system. You can follow these instructions here to set up Netlify DNS:

If you prefer to stay with external DNS, you'll need to delete your IPv6 records and still follow the above guide using the external DNS instructions, as I don't see records set up properly for that either. You will set up these records at your registrar.

If you have set up the proper DNS records and you are not seeing them propagate, you’ll want to contact your registrar for assistance! Let me know if you have any other questions.

Hi Charlotte,

Thank you for your answer!
I followed your recommendations and chose to stay with external DNS; I used the guides you sent me to set everything up correctly.
Everything seems to be working fine again. I managed to successfully renew the TLS certificate for my domain, and the website is accessible.
I hope I followed the instructions correctly; could you check on your side if everything seems fine to you? (As I made the modifications this morning, the changes to the DNS records may still be propagating until tomorrow.)

I have one more question: I have a few other Netlify websites that were hosted on subdomains (ekko-gobelins.netlify.app for example, which I want to redirect to ekko.jordanthiervoz.com).
These subdomains are not accessible anymore, as I removed every DNS record from Netlify and OVH in order to clean everything up.
When I try to re-add my custom subdomain in the website's Domain Management section, it says "Awaiting External DNS" and asks me to use Netlify's domain name servers, which I don't use anymore, as I now use OVH's domain name servers correctly.

What do I have to do to make my subdomains available? Do I only have to add a single DNS A record pointing to Netlify's IP address 75.2.60.5 for every subdomain, or are there other steps to follow to make it work?

Hi @thiervoj,

Thanks for following up.

Checking your DNS configuration, I do see you have the CNAME record for www.jordanthiervoz.com set up correctly:

host www.jordanthiervoz.com
www.jordanthiervoz.com is an alias for jordanthiervoz.netlify.app.
jordanthiervoz.netlify.app has address 54.84.236.175
jordanthiervoz.netlify.app has address 18.213.222.111
jordanthiervoz.netlify.app has IPv6 address 2600:1f18:16e:df00::64
jordanthiervoz.netlify.app has IPv6 address 2600:1f18:2489:8201::c8

However, for the apex domain, jordanthiervoz.com, you’re using the deprecated load balancer IP 104.198.14.52:

host jordanthiervoz.com
jordanthiervoz.com has address 104.198.14.52
jordanthiervoz.com mail is handled by 1 smtp.google.com.

You'll instead want to change the A record for jordanthiervoz.com to use 75.2.60.5.

If you could make that change, I think you should be all set.
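The checks Charlotte and Melvin run by hand above (apex A record on 75.2.60.5 rather than the deprecated 104.198.14.52, no IPv6 records in your own zone while on external DNS, www as a CNAME to the site's netlify.app hostname) can be automated. The script below is an added example, not Netlify's tooling or anything from the original thread: it parses the line format printed by the `host` command, so it runs offline on a constructed sample modelled on the output pasted in this thread, and the `audit()` helper, the sample constants and the rule wording are my own. To use it live, feed it the concatenated output of `host example.com` and `host www.example.com`.

```python
"""Audit `host` output against Netlify's external-DNS expectations (added example)."""
import re
from collections import defaultdict

NETLIFY_APEX_IP = "75.2.60.5"            # current apex load balancer IP named in the thread
DEPRECATED_APEX_IPS = {"104.198.14.52"}  # older load balancer IP flagged in Melvin's reply

# Line shapes printed by the `host` command; a trailing dot on a name is optional.
_PATTERNS = [
    ("A", re.compile(r"^(\S+?)\.? has address (\S+)$")),
    ("AAAA", re.compile(r"^(\S+?)\.? has IPv6 address (\S+)$")),
    ("CNAME", re.compile(r"^(\S+?)\.? is an alias for (\S+?)\.?$")),
    ("MX", re.compile(r"^(\S+?)\.? mail is handled by \d+ (\S+?)\.?$")),
]


def parse_host_output(text):
    """Group `host` output lines into {owner_name: {rrtype: [values]}} (names lowercased)."""
    records = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        for rrtype, pat in _PATTERNS:
            m = pat.match(line)
            if m:
                records[m.group(1).lower()][rrtype].append(m.group(2).lower())
                break
    return records


def check_netlify_external_dns(records, apex, netlify_site):
    """Return a list of findings; an empty list means the zone matches the guidance in the thread."""
    findings = []
    apex = apex.lower()
    www = "www." + apex
    target = netlify_site.lower()
    apex_rr = records.get(apex, {})
    www_rr = records.get(www, {})

    # Apex must carry an A record to the current load balancer, not the deprecated one.
    a_values = apex_rr.get("A", [])
    if NETLIFY_APEX_IP not in a_values:
        stale = [ip for ip in a_values if ip in DEPRECATED_APEX_IPS]
        if stale:
            findings.append(f"{apex}: A record uses deprecated load balancer {stale[0]}; "
                            f"change it to {NETLIFY_APEX_IP}")
        else:
            findings.append(f"{apex}: no A record pointing at {NETLIFY_APEX_IP} "
                            f"(found {a_values or 'none'})")

    # AAAA records on names in *your* zone require Netlify DNS. The AAAA records `host` prints
    # for the netlify.app alias target belong to Netlify and are not a problem.
    for name, rr in ((apex, apex_rr), (www, www_rr)):
        if rr.get("AAAA"):
            findings.append(f"{name}: has AAAA records; remove them or move the zone to Netlify DNS")

    # www should be a CNAME to the site's netlify.app hostname.
    cnames = www_rr.get("CNAME", [])
    if target not in cnames:
        findings.append(f"{www}: expected CNAME to {target}, found {cnames or 'none'}")
    return findings


# Constructed sample modelled on the output pasted in the thread: apex still on the deprecated
# IP, www correctly aliased (the IPv6 lines belong to jordanthiervoz.netlify.app, not to this zone).
SAMPLE_BEFORE = """\
jordanthiervoz.com has address 104.198.14.52
jordanthiervoz.com mail is handled by 1 smtp.google.com.
www.jordanthiervoz.com is an alias for jordanthiervoz.netlify.app.
jordanthiervoz.netlify.app has address 54.84.236.175
jordanthiervoz.netlify.app has address 18.213.222.111
jordanthiervoz.netlify.app has IPv6 address 2600:1f18:16e:df00::64
jordanthiervoz.netlify.app has IPv6 address 2600:1f18:2489:8201::c8
"""

# The same zone after the apex A record change requested in the thread.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("104.198.14.52", NETLIFY_APEX_IP)

# Constructed (hypothetical address): an apex that also carries an AAAA record on external DNS.
SAMPLE_IPV6_APEX = SAMPLE_AFTER + "jordanthiervoz.com has IPv6 address 2001:db8::1\n"


def audit(host_output, apex="jordanthiervoz.com", site="jordanthiervoz.netlify.app"):
    """Parse and check in one step; returns the list of findings."""
    return check_netlify_external_dns(parse_host_output(host_output), apex, site)


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER),
                          ("ipv6 apex", SAMPLE_IPV6_APEX)):
        print(f"{label}: {audit(sample) or 'OK'}")
```

Run it against a fresh query, not cached output: as the next two posts show, a resolver or tool that still holds the old answer will report the deprecated IP for as long as the previous record's TTL allows, so a clean result from an authoritative lookup (or from several independent resolvers) is the one that matters.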

Hi @Melvin,

I do have an A record pointing to 75.2.60.5 for jordanthiervoz.com that I added this morning.
I think the deprecated IP you are seeing is the one that existed before my modifications; either it has not been fully propagated yet, or you may have some DNS cache in place on your end?
When I check using DNS Checker (here), we can see that the correct IP is set and propagated!

Hi @thiervoj,

Thanks for following up. You are correct, now when I check I see the 75.2.60.5 IP address:

host jordanthiervoz.com
jordanthiervoz.com has address 75.2.60.5
jordanthiervoz.com mail is handled by 1 smtp.google.com.

Let us know if you have any issues.