1. “I did still need to click the “Renew certificate” button” Did you do that for me, logged into my account?
Not technically while logged in as you but, essentially, yes. Our support team is able to perform certain actions for accounts on our service (and these actions are all audited and logged, of course). Triggering a manual SSL certificate renewal is one of the things our support team is able to do for accounts on our service.
I only pointed it out for two reasons. First, to point out that you had fixed it not me. Second, to call attention to the “Renew certificate” button for future cases. Not always, but sometimes, this button is all that is needed to fix an SSL certificate. If it doesn’t work, please create new topics here on this community site and our support team will be happy to troubleshoot.
2. “This SSL certificate will continue to update automatically as long as the current DNS settings remain unchanged.” I have my domain with Namecheap and am paying an annual fee. Does this mean that the SSL certificate with Netlify will continue to work so long as I keep renewing my domain? (I hope that makes sense).
Yes. The Let’s Encrypt SSL certificates expire every 90 days. Their (Let’s Encrypt’s) best practices say to renew these when they are 30 days from expiration. We actually do this at 10 days before (and there is a feature request to change this to 30). If there are any issues renewing the SSL certificates we’ll email the team members that have access to the site about it. Most renewal failures are temporary and resolve automatically but, if not, we’ll start emailing you ten days in advance. If this happens, please contact us here and we’ll be happy to troubleshoot.
Also, yes, to: “Netlify will continue to work so long as I keep renewing my domain.”
As you mention, domains are “registered” not “purchased”. Once you register a domain, you can keep control of it by renewing the registration. (Often, there is a discount if you renew for multiple years but this varies by domain registrar.)
If someone lets a domain registration expire then they will no longer control the DNS records for the domain. Controlling DNS for a domain is “controlling the domain”. If you lose DNS control, you’ve lost the domain. (Most registrars support a 30-day time window to recover a domain if one forgets to renew it. This might even be mandatory but I’m not 100% on that.)
3. “My instructions above about two DNS records (an A record and a CNAME record) are the external DNS instructions. The method you used was the Netlify DNS instructions.” Do you mean that the latter instructions are narrower in focus and the former is broader (i.e. try external DNS instructions if Netlify DNS instructions don’t help to bring the site back up)? Also, was my problem not SSL but DNS?
Yes, the issue was DNS blocking SSL provisioning.
Before we can provision the Let’s Encrypt SSL certificates, the DNS records must point the domain names to Netlify. If the DNS records don’t point to Netlify, when we attempt the provisioning it fails. In most cases, our systems won’t even try to provision SSL if they can determine the DNS isn’t correct.
There are two different (and mutually exclusive) methods to “point a domain name to Netlify”. External DNS means adding records with the existing DNS service. This is almost always the domain registrar (but never say never).
Netlify DNS is the second method. This moves the DNS service from the original service to Netlify DNS. This enables some more advanced features of our service (automatic SSL for branch subdomains, automatically creating a DNS record when a new subdomain is added to a site, etc).
However, if you don’t copy existing DNS records before activating Netlify DNS, this causes any records which were not copied to stop working. This is why I don’t recommend it first. It has a potential for downtime if other services (like email) are depending on these DNS records.
Again, this can be completely mitigated by copying all records before activating Netlify DNS.
Both are about equally complex to implement but one has a greater potential for downtime, so I recommend one (external DNS) before the other (Netlify DNS).
Netlify DNS enables all the features we offer, but I don’t recommend starting with Netlify DNS unless someone is comfortable migrating an existing DNS zone manually.
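
The "copy all records before activating Netlify DNS" step from the reply above, as an added example that is not part of the original post and is not Netlify tooling: it compares an export of the existing zone with the records already recreated in the new zone and lists what would stop resolving. The zone contents, the `name TTL type value` line format and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed export of the existing (external) zone: name, TTL, type, value.
OLD_ZONE = """\
; exported from the current DNS provider (constructed sample)
example.com.                 3600 A     192.0.2.10
www.example.com.             3600 CNAME example.com.
example.com.                 3600 MX    10 mail.example.net.
example.com.                 3600 TXT   "v=spf1 include:mail.example.net ~all"
sel._domainkey.example.com.  3600 TXT   "v=DKIM1; k=rsa; p=CONSTRUCTED"
"""

# Constructed list of what has been recreated in the new zone so far.
NEW_ZONE = """\
example.com.      3600 A     192.0.2.10
WWW.example.com   300  CNAME example.com.
"""

# Record types whose value is a hostname (case-insensitive, optional final dot).
HOSTNAME_VALUED = {"CNAME", "MX", "NS"}

def parse_zone(text):
    """Return {(name, type): {values}}; the TTL is ignored for comparison."""
    records = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        # Skip only whole-line comments: TXT values such as DKIM contain ';'.
        if not line or line.startswith(";"):
            continue
        name, _ttl, rtype, value = line.split(None, 3)
        rtype = rtype.upper()
        if rtype in HOSTNAME_VALUED:
            value = value.lower().rstrip(".")
        records[(name.lower().rstrip("."), rtype)].add(value)
    return records

def missing_records(old, new):
    """Records present in the old zone that the new zone does not serve."""
    missing = []
    for (name, rtype), values in old.items():
        for value in values - new.get((name, rtype), set()):
            missing.append((name, rtype, value))
    return sorted(missing)

if __name__ == "__main__":
    for name, rtype, value in missing_records(parse_zone(OLD_ZONE), parse_zone(NEW_ZONE)):
        print(f"not yet copied: {name} {rtype} {value}")
```

With the sample data, the MX, SPF and DKIM records are reported, which are the email-related records the reply warns about.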