HTTPS - SSL/TLS certificate

Hi all,
I have a problem with DNS. I have the custom domain and this is the DNS settings on Netlify

In my domain provider, I added the A record with value and the CNAME record with value like this link.

In section HTTPS/SSL/TLS certificate on Netlify display the error:

We could not provision a Let’s Encrypt certificate for your custom domain.

and I if i click on “Verify DNS Configuration” display the message:

DNS verification was successful. We’re ready to provision a TLS certificate from Let’s Encrypt and install it on our CDN.

but the error persists.

Can you help me, please?


If you are using external DNS configuration you should not have the domain configured in Netlify DNS. You must use one of the other, not both.

External DNS configuration requires the addition of an A and CNAME record only.

Netlify DNS requires changing the name servers for the domain.

If I use the external DNS, I have to click the button “Delete DNS zone”?

Yes you need to delete the DNS zone.

Ok, thank you!
Now I have to wait 24/48 hours?
In Domain management > Production domains, does not show Awaiting External DNS

propagation can take up to 48 hours to take effect.

I waited more than 48 hours but nothing changed. Any other suggestions?

Hi, @manudev97. You have an AAAA type DNS record that points somewhere that is not Netlify:	14400	IN	AAAA	2001:4b78:1001::1501

That record above must be deleted before the Let’s Encrypt SSL provisioning will succeed.

Note, the TTL above is 14400. That is the time to live in seconds and 14400 seconds is four hours. This means that, at most, the deletion of the record will take four hours to complete. If no intermediary DNS resolver has cached that record, however, the deletion will be nearly instantaneous.

After the deletion is complete, you can click the “Verify DNS configuration” button on the SSL settings page to provision SSL at that time. If it doesn’t work, though, please let us know.

Hi @luke and thank’s for the answer.
I deleted the record this morning and now I clicked the “Verify DNS configuration” and “Provision certificate” buttons, but it didn’t work.

Hi @manudev97,

Thanks for following up. Looking at the site now here:

I see that the SSL Certificate has been provisioned about 20 minutes ago. Looks like it just needed a bit more time.

Yes @Melvin!
Thank you all for the support!!

1 Like