Let's Encrypt cert won't provision despite DNS verification passing

Hi all,

I’m unable to get an SSL certificate provisioned for my custom domain. DNS verification passes in the dashboard, but the Let’s Encrypt cert never issues, and browsers reject the connection with ERR_TLS_CERT_ALTNAME_INVALID because Netlify is still serving the default *.netlify.app certificate.

Site details

  • Site ID: 7903397b-... (full ID available on request via DM)

  • Netlify subdomain: theinsightshop.netlify.app (working, cert valid)

  • Custom primary domain: theinsightshopllc.com

  • Custom alias: www.theinsightshopllc.com

  • Domain registrar: Namecheap

  • DNS host: Namecheap BasicDNS (nameservers dns1.registrar-servers.com / dns2.registrar-servers.com)

  • Email: Microsoft 365 (MX records unchanged, email working)

DNS state (externally verified via Google Public DNS)

  • theinsightshopllc.com A → 75.2.60.5 (single record)

  • www.theinsightshopllc.com CNAME → theinsightshop.netlify.app.

  • AAAA records: none

  • CAA records: none

  • DNSKEY / DS records: none (DNSSEC is not enabled)

Third-party validation

Timeline

  1. Completed DNS cutover (old host was Wix → moved to Namecheap BasicDNS, A and CNAME pointed at Netlify)

  2. Added theinsightshopllc.com and www.theinsightshopllc.com in Domain management

  3. First “DNS verification failed” — clicked Retry DNS verification → success

  4. HTTPS panel showed “DNS verification was successful” with no cert issuing. Waited 30+ min. No progress.

  5. Removed both domains and re-added them fresh. Set apex as primary. DNS verification retry → success.

  6. HTTPS panel has shown “DNS verification was successful” for ~30+ min with no cert issuing.

  7. External HTTPS requests continue to return ERR_TLS_CERT_ALTNAME_INVALID.

Hypothesis
DNS is clean, Let’s Debug is green — nothing external to fix. I suspect earlier failed provisioning attempts (before DNS fully propagated, and during the remove/re-add) triggered an internal rate-limit or stuck state that isn’t surfaced in the UI.

What I’m asking
Could a Netlify staff member please:

  1. Check the internal provisioning logs for my site’s SSL issuance attempts

  2. Manually force a fresh Let’s Encrypt provisioning attempt for both domains

  3. Let me know if there’s something on my side I’m missing

Happy to DM the full Site ID or any other info. Thanks in advance!

Final diagnostic update via Netlify CLI:

  • showSiteTLSCertificate → returns null (no cert record on backend)

  • provisionSiteTLSCertificate → returns 422 Unprocessable Entity (no error body)

  • getAllCertificates (with both site_id and domain params) → also returns 422 Unprocessable Entity

Two separate cert endpoints both rejecting requests with 422, while the dashboard shows DNS verification as successful. This looks like the site is stuck in an inconsistent backend state where cert operations are blocked. Staff intervention needed to reset or unstick the cert orchestration for this site.
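The name mismatch described in the post above, as an added example that is not part of the original post and not Netlify's code: it applies RFC 6125-style wildcard matching to show why a certificate issued for *.netlify.app covers the Netlify subdomain but not the apex or www custom domain. The SAN list is constructed from the post's description of the default certificate and is an assumption, as are the function names.

```python
"""Why a default *.netlify.app certificate fails for a custom domain (added example)."""

# Constructed SAN list modelling the default certificate described in the post;
# the real certificate's exact SAN entries are an assumption.
DEFAULT_CERT_SANS = ["*.netlify.app", "netlify.app"]

HOSTS = [
    "theinsightshop.netlify.app",
    "theinsightshopllc.com",
    "www.theinsightshopllc.com",
]


def dns_name_matches(hostname: str, pattern: str) -> bool:
    """RFC 6125-style match: '*' may only be the whole leftmost label."""
    host = hostname.rstrip(".").lower().split(".")
    pat = pattern.rstrip(".").lower().split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        # This example also refuses '*.tld'; the remaining labels must be identical.
        return len(pat) > 2 and host[0] != "" and host[1:] == pat[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected
    return host == pat


def covered_by(hostname, sans):
    """Return the SAN entries that cover hostname (empty list = altname mismatch)."""
    return [s for s in sans if dns_name_matches(hostname, s)]


def report(hosts=HOSTS, sans=DEFAULT_CERT_SANS):
    """Map each host to 'ok' or 'ALTNAME_INVALID' for the given SAN list."""
    return {h: ("ok" if covered_by(h, sans) else "ALTNAME_INVALID") for h in hosts}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:32} {status}")
```

Passing a SAN list that names both custom domains to `report` shows the state the browser needs before the error clears: DNS pointing at the platform is not enough until a certificate carrying those names is actually served.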

Hey @AJ_Shriver :wave:,
Thanks for reaching out!

We’ve gone ahead and created a support ticket for you, so our team can follow up with you directly via email from the help desk. Our Support crew will be in touch with you by email soon.

Great news: these days anyone can reach out to Netlify Support. First, you can try getting an answer using Ask Netlify, our helpful AI search tool. If your question isn’t answered there, you can submit a ticket using the support form, and we’ll take it from there.

We’re keeping the community around for swapping ideas, sharing tips and tricks, and talking shop with other folks building on the platform — but for support issues, tickets are the way to go.

Thanks for being here, and keep an eye out for that email from us!