Issue with SSL Security

Hello, I see several other posts about SSL/TLS Certificate, but the issue doesn’t quite seem the same.

My website, (fruitionacres.netlify.app), has verified Netlify DNS and was working when I last checked a month ago. I can access my website from my cellphone, but can’t from my laptop using Microsoft Edge. When accessing the site from certain browsers and devices, a security warning is displayed, indicating that the site may contain insecure content and could potentially gather sensitive information.

My website does not contain or ask for login forms, data collection processes or sensitive content. It is used to highlight our farm and animals we raise. People would reach out via email if interested in purchasing an animal.

Despite the absence of any sensitive data or interactive elements, the security warning is negatively impacting the user experience and preventing potential customers from accessing the site.

Within Netlify the SSL/TLS Certificate Section has the following Error that I don’t understand how to resolve: “We could not provision a Let’s Encrypt certificate for your customer domain. Please read our trouble shooting guide for some tips on what might be happening.” I’ve read it, it’s not helping.

From Microsoft Edge I get the following error: “Your connection isn’t private. Attackers might be trying to steal your information from www.fruitionacres.com (for example, passwords, messages or credit cards).”

If I click Advanced the following longer Error Message is displayed: "www.fruitionacres.com uses encryption to protect your information. When Microsoft Edge tried to connect to www.fruitionacres.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be www.fruitionacres.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Microsoft Edge stopped the connection before any data was exchanged.

You can’t visit www.fruitionacres.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later."

If I access through Google Chrome on my cell phone, I can view my website and it is current with my most recent updates from last night, but there is a triangle warning in the URL bar and when clicked it says “Connection is not secure. You should not enter any sensitive information on this site (for example, passwords or credit cards) because it could be stolen by attackers.”

My DNS records seem to be pointing to the right space, but I don’t understand the SSL Certificates and what to do with them. Honestly, I could do without if I could. I just want someone to be able to search fruitionacres.com (or any variation beginning with http, www, etc) and get to my site.

Thank you in advance for your assistance resolving this issue.

Hi, @fruitionacres. The issue here is that you have an inactive DNS zone here:

https://app.netlify.com/account/dns/fruitionacres.com

We have a support guide with more information about how to fix this here:

(To summarize the support guide, you should probably just delete the inactive DNS zone above.)

If there are other questions after reading that support guide, please let us know.

Hi @luke I read the support guide and it’s a bit too technical for me to feel like I’m fully understanding.

I followed your instructions and have attempted deleting one and both of the “inactive DNS”.

I noted that the link you provided above says fruitionacres.com. That one was the A type DNS zone and I deleted it, leaving the other referencing cheery-tulumba. I am still running into the same error.

If I do the opposite and add back the A type DNS zone and delete the cheery-tulumba - same result.

Would you mind helping my understanding a bit more by breaking down what you’re seeing and/or the support guide in a bit less techy talk? :grimacing:

Hi, @fruitionacres. Your domain isn’t using Netlify DNS at all. The best way to see this is the WHOIS data for the domain. Below I’m using the command grep to just show the lines of the WHOIS data that contain the exact text “Name Server”:

$ whois fruitionacres.com | grep "Name Server"
   Name Server: NS21.DOMAINCONTROL.COM
   Name Server: NS22.DOMAINCONTROL.COM
Name Server: NS21.DOMAINCONTROL.COM
Name Server: NS22.DOMAINCONTROL.COM

That shows us what the real DNS service for the domain is and it is not Netlify DNS. That is why I recommended deleting the DNS zone here.

You deleted and recreated DNS records. However, you did not delete the zone itself. Deleting the zone is the correct action here.

You can do so with the button shown in the screenshot below:

Once the DNS zone itself is deleted, the next thing to do is to use the external DNS instructions found here:

You will make the new DNS records at your registrar and not at Netlify. (You cannot make them at Netlify anymore because you deleted the zone above.)

The records you will make will be these below (and, again, you add these at your domain registrar’s site):

fruitionacres.com.			1800	IN	A		75.2.60.5
www.fruitionacres.com.		1800	IN	CNAME	fruitionacres.netlify.app.

Next, on the page below:

https://app.netlify.com/sites/fruitionacres/configuration/domain

remove fruitionacres.com as the primary domain using the buttons shown below:

Finally (this is the last step), add www.fruitionacres.com (with the www - that is very important) back as the primary domain. The goal here is to make www.fruitionacres.com primary instead of the apex domain (just fruitionacres.com by itself). You should never make the apex domain primary when using external DNS. The key here is that www needs to be primary for this domain as it will be using external DNS.

Once that is done, the DNS will be configured correctly and the site fruitionacres.netlify.app will be shown for that domain name in web browsers.

If that doesn’t work please let us know what steps you tried and what the results were.

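A way to check the result of the steps in the reply above, as an added example that is not part of the original thread and is not Netlify tooling: it reads captured `whois` and `dig +noall +answer` output, lists where the records are really managed, and compares the apex A record and the www CNAME against the values given in the reply. The function names are hypothetical and the sample input (including the address 192.0.2.10) is constructed.

```shell
#!/usr/bin/env bash
# Added example; function and variable names are hypothetical.
# Live input would come from:  whois fruitionacres.com
#                              dig +noall +answer fruitionacres.com A
#                              dig +noall +answer www.fruitionacres.com CNAME

# Expected records, copied from the reply above.
APEX="fruitionacres.com."; WWW="www.fruitionacres.com."
EXPECTED_A="75.2.60.5";    EXPECTED_CNAME="fruitionacres.netlify.app."

# WHOIS text on stdin -> unique lower-cased name servers (WHOIS often lists
# them twice, once from the registry and once from the registrar).
whois_nameservers() {
  tr -d '\r' | grep -i 'Name Server:' | awk '{print tolower($NF)}' | sort -u
}

# `dig +noall +answer` lines on stdin (name ttl class type value).
# Prints one line per problem; returns 0 only when both records are present
# and no other A or CNAME value is served for those two names.
check_answers() {
  awk -v apex="$APEX" -v www="$WWW" -v want_a="$EXPECTED_A" -v want_cn="$EXPECTED_CNAME" '
    NF < 5 { next }
    { name = tolower($1); type = toupper($4); value = tolower($5) }
    name == apex && type == "A" {
      if (value == want_a) { apex_ok = 1 } else { print "apex: unexpected A " value; bad = 1 }
    }
    name == www && type == "CNAME" {
      if (value == want_cn) { www_ok = 1 } else { print "www: CNAME is " value; bad = 1 }
    }
    END {
      if (!apex_ok) print "apex: missing A " want_a
      if (!www_ok)  print "www: missing CNAME " want_cn
      exit !(apex_ok && www_ok && !bad)
    }'
}

# Constructed sample input (192.0.2.10 is a documentation address).
SAMPLE_WHOIS='   Name Server: NS21.DOMAINCONTROL.COM
   Name Server: NS22.DOMAINCONTROL.COM
Name Server: NS21.DOMAINCONTROL.COM
Name Server: NS22.DOMAINCONTROL.COM'
GOOD_ANSWERS='fruitionacres.com. 1800 IN A 75.2.60.5
www.fruitionacres.com. 1800 IN CNAME fruitionacres.netlify.app.'
STALE_ANSWERS='fruitionacres.com. 600 IN A 192.0.2.10
fruitionacres.com. 600 IN A 75.2.60.5'

echo "Records are managed at:"; printf '%s\n' "$SAMPLE_WHOIS" | whois_nameservers
if printf '%s\n' "$GOOD_ANSWERS" | check_answers; then echo "good sample: OK"; fi
if ! printf '%s\n' "$STALE_ANSWERS" | check_answers; then echo "stale sample: fix the lines above"; fi
```

A leftover A record at the apex, as in the stale sample, means some lookups still reach the old host, so it is reported even though the correct value is also present.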

Thank you! That appears to have done the trick!!