Issue with SSL Security

Hello, I see several other posts SSL/TLS Certificate, but the issue doesn’t quite seem the same.

My website, (, has verified Netlify DNS and was working when I last checked a month ago. I can access my website from my cellphone, but can’t from my laptop using Microsoft Edge. When accessing the site from certain browsers and devices, a security warning is displayed, indicating that the site may contain insecure content and could potentially gather sensitive information.

My website does not contain or ask for login forms, data collection processes or sensitive content. It is used to highlight our farm and animals we raise. People would reach out via email if interested in purchasing an animal.

Despite the absence of any sensitive data or interactive elements, the security warning is negatively impacting the user experience and preventing potential customers from accessing the site.

Within Netlify the SSL/TLS Certificate Section has the following Error that I don’t understand how to resolve: “We could not provision a Let’s Encrypt certificate for your customer domain. Please read our trouble shooting guide for some tips on what might be happening.” I’ve read it, it’s not helping.

From Microsoft Edge I get the following error: “Your connection isn’t private. Attackers might be trying to steal your information from (for example, passwords, messages or credit cards).”

If I click Advanced the following longer Error Message is displayed: " uses encryption to protect your information. When Microsoft Edge tried to connect to this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Microsoft Edge stopped the connection before any data was exchanged.

You can’t visit right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later."

If I access through Google Chrome on my cell phone, I can view my website and it is current with my most recent updates from last night, but there is a triangle warning in the URL bar and when clicked it says “Connection is not secure. You should not enter any sensitive information on this site (for example, passwords or credit cards because it could be stole by attackers.”

My DNS records seem to be pointing to the right space, but I don’t understand the SSL Certificates and what to do with them. Honestly, I could do without if I could. I just want someone to be able to search (or any variation beginning with http, www, etc) and get to my site.

Thank you in advance for your assistance resolving this issue.

Hi, @fruitionacres. The issue here is that you have an inactive DNS zone here:

We have a support guide with more information about how to fix this here:

(To summarize the support guide, you should probably just delete the inactive DNS zone above.)

If there are other questions after reading that support guide, please let us know.

Hi @luke I read the support guide and it’s a bit too technical for me to feel like I’m fully understanding.

I followed your instructions and have attempted deleting one and both of the “inactive DNS”.

I noted that the link you provided above says That one was the A type DNS zone and I deleted it, leaving the other referencing cheery-tulumba. I am still running into the same error.

If I do the opposite and add back the A type DNS zone and delete the cheery-tulumba - same result.

Would you mind helping my understanding a bit more by breaking down what you’re seeing and/or the support guide in a bit less techy talk? :grimacing:

Hi, @fruitionacres. Your domain isn’t using Netlify DNS at all. The best way to see this is the WHOIS data for the domain. Below I’m using the command grep to just show the lines of the WHOIS data that contain the exact text “Name Server”:

$ whois | grep "Name Server"

That shows us what the real DNS service for the domain is and it is not Netlify DNS. That is why I recommended deleting the DNS zone here.

You deleted and recreated DNS records. However, you did not delete the zone itself. Deleting the zone is the correct action here.

You can do so with the button shown in the screenshot below:

Once the DNS zone itself is deleted, then next this to do is to use the external DNS instructions found here:

You will make the new DNS records at your registrar and not at Netlify. (You cannot make them at Netlify anymore because you deleted the zone above.)

The records you will make will be these below (and, again, you add these at your domain registrar’s site):			1800	IN	A		1800	IN	CNAME

Next, on the page below:

remove as the primary domain using the buttons shown below:

Finally (this is the last step), add (with the www - that is very important) back as the primary domain. The goal here is to make primary instead of the apex domain (just by itself). You should never make the apex domain primary when using external DNS. The key here is that www needs to be primary for this domain as it will be using external DNS.

Once that is done, the DNS will be configured correctly and the site will be shown for that domain name in web browsers.

If that doesn’t work please let us know what steps you tried and what the results were.

1 Like

Thank you! That appears to have done the trick!!