I figured out the issue with DNS but I need help from SUPPORT

Subject: Apex TLS fails on one Netlify anycast IP (manufacturingchina.com)

Hi Netlify team,

My apex domain intermittently fails TLS. Testing shows one of the two A-record IPs is bad:

Good IP:
curl -Iv --resolve manufacturingchina.com:443:75.2.60.5 https://manufacturingchina.com/
→ HTTP/2 200, LE E7 cert OK
x-nf-request-id: 01K3EVZSMMTP0EEQPXN5WY3N87
Time: 2025-08-24 20:23:18 UTC

Bad IP:
curl -Iv --resolve manufacturingchina.com:443:99.83.190.102 https://manufacturingchina.com/
→ LibreSSL/3.3.6: error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error

Additional context:

  • DNS is Netlify DNS.
  • Apex A records were 75.2.60.5 and 99.83.190.102.
  • No AAAA, no CAA, DNSSEC disabled.
  • openssl s_client shows a valid Let’s Encrypt E7 cert for manufacturingchina.com and www.

Could you please reseed/refresh TLS config for the apex on edge IP 99.83.190.102 (or remove it from rotation) and confirm when it’s fixed? I’ve temporarily removed 99.83.190.102 from my A records to stabilize traffic.

Thanks!

@rberkes 99.83.190.102 is not a Netlify IP address.

You were likely supplied it by an “AI” which has misled you.

If you check the Netlify documentation, you will see that you should set only 75.2.60.5.

See:
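Added example, not part of either post above and not Netlify's tooling: a Python sketch of the per-IP check the first post runs with `curl --resolve`, combined with the reply's point that each A record should first be compared against the provider's documented addresses. The function names (`probe_tls`, `audit_records`, `replay_probe`) are hypothetical, the documented set is assumed from the reply, and the stub replays the two results quoted in the post so the block runs offline.

```python
import socket
import ssl

def probe_tls(host, ip, port=443, timeout=5.0):
    """Handshake with one IP while sending `host` as SNI (what curl --resolve does)."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return {"ok": True, "detail": issuer.get("commonName", "?")}
    except (ssl.SSLError, OSError) as exc:
        return {"ok": False, "detail": str(exc)}

def audit_records(host, a_records, documented_ips, probe=probe_tls):
    """Classify each A record; an undocumented IP outranks its TLS result,
    because a handshake error there is a symptom of the wrong record."""
    findings = []
    for ip in a_records:
        result = probe(host, ip)
        if ip not in documented_ips:
            verdict = "undocumented-ip"
        elif not result["ok"]:
            verdict = "tls-failure"
        else:
            verdict = "ok"
        findings.append({"ip": ip, "verdict": verdict, "detail": result["detail"]})
    return findings

# Constructed offline stand-in for probe_tls, replaying the two results in the post.
def replay_probe(host, ip):
    if ip == "75.2.60.5":
        return {"ok": True, "detail": "E7"}
    return {"ok": False, "detail": "tlsv1 alert internal error"}

HOST = "manufacturingchina.com"
A_RECORDS = ["75.2.60.5", "99.83.190.102"]   # apex records listed in the post
DOCUMENTED = {"75.2.60.5"}                   # assumption: taken from the reply

def demo():
    return audit_records(HOST, A_RECORDS, DOCUMENTED, probe=replay_probe)

if __name__ == "__main__":
    for f in demo():                          # swap in probe_tls for a live check
        print(f"{f['ip']:<15} {f['verdict']:<16} {f['detail']}")
```

Calling `audit_records` without the `probe` argument performs real handshakes against each address.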