I cannot provision a Let’s Encrypt certificate for my custom domain or provide my own

I have a custom domain and initially the automatic TLS service authenticates the DNS then fails when provisioning.

I have also tried to provide my own certificate via Digicert and converted the CSR to a PEM and still not having any luck.
It rejects the cert with the error message “is not a valid PEM certificate”

Only a site name or a custom domain name can help us check this :slight_smile:

rfidentikit.com
www.rfidentikit.com

  • This would of probably of helped more

Hi @LouisSawyer

I see rfidentikit.com is using Netlify DNS.

% dig rfidentikit.com NS
rfidentikit.com.	172800	IN	NS	dns4.p01.nsone.net.
rfidentikit.com.	172800	IN	NS	dns1.p01.nsone.net.
rfidentikit.com.	172800	IN	NS	dns2.p01.nsone.net.
rfidentikit.com.	172800	IN	NS	dns3.p01.nsone.net.

I also see there is a A record pointing to 75.2.60.5

% dig rfidentikit.com A
rfidentikit.com.	300	IN	A	75.2.60.5

And the www subdomain is configured with a CNAME to the apex

% dig www.rfidentikit.com
www.rfidentikit.com.	14400	IN	CNAME	rfidentikit.com.
rfidentikit.com.	290	IN	A	75.2.60.5

This is incorrect configuration: the IP address used here is for external DNS configuration.

When using Netlify DNS, you need only add the domain to your site and DNS records are automatically configured (these are special NETLIFY records) and a Let’s Encrypt automatically generated. See the Assign a domain to a site section of the Custom domains documentation

1 Like

:wave: @LouisSawyer , as for the “is not a valid PEM certificate” issue, we have a blog article on installing custom certificates that may help. Also, make sure the private key is not encrypted!