Hi Netlify Support,
Note: I’m a new user so I can only include 6 links per post. Domain names are written with (dot) instead of periods to avoid being counted as links.
I’m unable to provision an SSL certificate for my custom domain. After 25+ hours and extensive troubleshooting, I’ve identified the root cause. This requires manual intervention on your backend.
Site & Domain
• Site: a-context-battle (dot) netlify (dot) app
• Custom domain: a-context-battle (dot) ai-mito (dot) com
• Parent domain: ai-mito (dot) com
• Registrar: Xserver Domain
• Nameservers (WHOIS confirmed): dns1-4 (dot) p05 (dot) nsone (dot) net (Netlify DNS)
Symptoms
• Provision certificate fails every time
• Removing and re-adding the domain also fails instantly
• No certificate has ever been issued (zero records on crt.sh)
• The site responds HTTP 200 correctly
Root Cause
DNSViz Servers tab shows Child zone Exists = NO on all 4 NSONE nameservers. The zone does not exist on NSONE infrastructure. All servers return REFUSED for every query — 16 errors total. Delegation status: Lame.
Let’s Debug FATAL errors
• CAA lookup: SERVFAIL
• SOA lookup: SERVFAIL (“domain existence could not be verified due to misbehaving nameserver”)
dig confirmation
Querying dns1 (dot) p05 (dot) nsone (dot) net for SOA returns status REFUSED, ANSWER 0. Same result on dns2, dns3, dns4.
Troubleshooting completed
• DNSSEC: Unsigned, no DS record confirmed
• Deleted NETLIFYv6 record
• No extra A or AAAA records
• DNS propagation confirmed globally
• Waited 25+ hours
This appears to be an inactive or ghost DNS zone on NSONE. Please recreate or restore the zone.
Thank you.
Additional context: Initially I tried setting up the domain using CNAME/TXT records in Xserver’s DNS panel. When that didn’t work, I switched the nameservers at the registrar to Netlify’s NSONE nameservers. This sequence of changes may have caused the zone to be created in a broken state.
,