Having issues getting a Let's Encrypt certificate when using a GoDaddy domain

Custom site name edielb.netlify.app, domain name edielehbod.com

I am relatively new to web development, and am having trouble trying to sort out why my Netlify hosted site cannot be approved for a Let’s Encrypt certificate in order to have my site encrypted via HTTPS. I have looked through many support articles and forum posts, asked Netlify AI and GPT a dozen different ways, but am still at a loss for what I can do.

I suspect the issue stems from the fact that I purchased the domain on GoDaddy & they may provide their own DNS that is keeping Netlify from being able to do their own. However, because I have successfully routed the domain to the Netlify nameservers, the GoDaddy DNS management section reads:

"We can’t display your DNS information because your nameservers aren’t managed by us.

Manage your DNS here [link] by changing your nameservers to default nameservers."

There are still two active “DS” records on the GoDaddy domain; I am unsure if these are causing an issue but do not want to delete them in case they are important.

I have used DNSSEC Debugger and received the following diagnoses:

“No DNSKEY records found” for the site
and “No RRSIGs found”

My DNS settings on netlify are the basic ones that route the netlify hosted site (edielb.netlify.app) to the corresponding GoDaddy domain, edielehbod.com.
“3600 in NETLIFY edielb.netlify.app”, and 3 other similar variations
I also have a CAA reading “edielehbod.com 3600 in CAA 0 issue letsencrypt.org”; I believe this was something I added after reading an article saying that this would help with getting encryption.

Does anyone have an idea of what I’m doing wrong here? It’s been two days of me trying to figure this out, and I’m at a loss. Happy to provide further details. Thanks to anyone who sees this

DNSSEC is enabled for this domain. Netlify does not support DNSSEC (see: DNSSEC support on Netlify and DNSSEC on Netlify feature request).

You will need to change the name servers back to the default used by GoDaddy, disable DNSSEC, then change the name servers back to those provided by Netlify once DNSSEC is confirmed off.

If you would prefer to use DNSSEC, change the name server back the GoDaddy, remove the DNS zone from Netlify and use external DNS configuration.

1 Like

You’re awesome. Thank you so much.

EDIT: Not a bot. All the more awesome

Hi, @vilemckael. I’m fairly certain that @dig isn’t a bot and they are a real person replying to you. (If they are a bot they are passing my Turing test. :wink: )

It sounds like that advice was the resolution here so thanks for that, @dig. You are always “on point” with your answers.

2 Likes

Quick update, I have reverted the nameservers to their defaults and it showed that I had DNSSEC set to off on GoDaddy. I do, however, have the following default DNS records on Godaddy: should I delete these and add them to my Netlify certs?

Edit to clarify: I would prefer to use Netlify’s DNS. I use Netlify for all my website deployments and will continue to, regardless of where I’m purchasing domains, so would like to become more familiar with this process and DNS terminology.

Not sure what this means.

If you would prefer to use Netlify DNS check out the relevant documentation

The records in the screenshot are not required for Netlify DNS.

As part of this you will need to change the name servers at GoDaddy to those provided by Netlify. You’ll possibly find the following guide handy (written by the also-not-a-turing-test-passing-bot @luke)

Further resources available in

Thanks to you and the also-not-a-turing-test-passing-bot luke’s articles, I turned on DNS on GoDaddy, moved the default DNS records from GoDaddy to Netlify, and then re-disabled GoDaddy’s DNS & the problem was fixed within the hour. Website is now up and running with HTTPS enabled and a Let’s Encrypt certificate procured. Appreciate the timely responses and support article references very much.

For anyone else struggling with this process, this may seem obvious, but familiarizing myself with what DNS means and does, and with what each specific DNS Record does to facilitate this process, made it a lot easier to understand what was going wrong.

1 Like

Glad to hear you were able to resolve the issue, thanks for updating us!