Issue with the https certificate

pierobond · March 7, 2023, 9:07am

My https certificate stopped working and I cannot figure out why.
My netlify site is https://marcopierobon.netlify.app/ and I’m trying to access it via https://www.pierobon.net.

The domain is hosted on godaddy, and I’ve applied the suggested CNAME dns entry

In the netlify control panel I don’t see any error.

Yet, when I try to access https://www.pierobon.net I get an invalid certificate error.

What am I doing wrong?

Melvin · March 7, 2023, 10:40am

HI @pierobond,

Thanks for reaching out and welcome to Netlify’s Support forums!

I see you have configured Netlify DNS for the domain here:

However, you are using domaincontrol.com name servers instead of the Netlify name servers.

host -t ns pierobon.net
pierobon.net name server ns69.domaincontrol.com.
pierobon.net name server ns70.domaincontrol.com.

I also show that you have External DNS setup for the domain:

A Record for pierobon.net pointing to 75.2.60.5:

host pierobon.net
pierobon.net has address 75.2.60.5
pierobon.net mail is handled by 10 aspmx.l.google.com.
pierobon.net mail is handled by 20 alt1.aspmx.l.google.com.
pierobon.net mail is handled by 20 alt2.aspmx.l.google.com.
pierobon.net mail is handled by 30 aspmx2.googlemail.com.
pierobon.net mail is handled by 30 aspmx3.googlemail.com.

CNAME Record for www.pierobon.net pointing to marcopierobon.netlify.app:

host www.pierobon.net
www.pierobon.net is an alias for marcopierobon.netlify.app.
marcopierobon.netlify.app has address 34.73.83.172
marcopierobon.netlify.app has address 54.161.234.33
marcopierobon.netlify.app has IPv6 address 2600:1f18:2489:8200::c8
marcopierobon.netlify.app has IPv6 address 2600:1f18:2489:8202::c8

You’ll want to either use Netlify DNS or External DNS and not both.

We have a Support Guide here on how to detect a inactive DNS Zone:

The solution is either to delete the DNS Zone as outlined here. Or to use Netlify’s name servers mentioned here. If you decide to use Netlify’s name servers, you’ll need to remove the External DNS configuration of the A Record pointing to 75.2.60.5 and the CNAME Record pointing to marcopierobon.netlify.app.

Having both External DNS and Netlify DNS configured can cause issues with the SSL Certificate getting generated or renewed.

Let us know if you have any questions.

pierobond · March 7, 2023, 4:18pm

Thanks. I’ve deleted the DNS zone in netlify a couple hours ago, but I still get the same error.
How long should it take?

SamO · March 7, 2023, 4:30pm

Up to 48 hours. If you are still experiencing this issue in 2 days please reach back out.

Melvin · March 7, 2023, 4:56pm

Hi @pierobond,

Thanks for the follow-up. You should be all set with the SSL Certificate.