Let's Encrypt SSL stuck / "Waiting on DNS propagation" for domain with external DNS

Hello Netlify Support Team,

I’m experiencing an issue with SSL provisioning for my custom domain, brunolcorrea.com.br, on my Netlify site lpebookiacorretores.

Problem Description: My custom domain brunolcorrea.com.br is configured to use an external DNS provider (Hostinger), where my nameservers are located. I have correctly set up the A record (pointing to 75.2.60.5) and the CNAME record for www (pointing to lpebookiacorretores.netlify.app). DNS propagation has been confirmed via external tools, and Netlify itself previously showed “DNS verification was successful”.

However, the SSL/TLS certificate status in my Netlify domain settings remains perpetually “Waiting on DNS propagation”.

Furthermore, when I remove and re-add the domain brunolcorrea.com.br, Netlify displays the message: “Good news! brunolcorrea.com.br is already on Netlify DNS, so you can add your domain.” This indicates that Netlify internally believes it is managing my DNS, which is incorrect, as my nameservers are at Hostinger. This internal conflict seems to be preventing the Let’s Encrypt certificate from provisioning correctly.

Steps I have already taken:

Verified A and CNAME records at Hostinger (they are correct).
Confirmed DNS propagation using online tools.
Removed and re-added brunolcorrea.com.br and www.brunolcorrea.com.br from Netlify’s “Production domains”.
Attempted to “Force HTTPS” on and off (if clickable).
Noticed that the “Enable automatic TLS certificates with Let’s Encrypt” option is not clickable.
Clicked on “Provide your own certificate” and then closed, hoping for a reset (no change).

It appears there might be a cached or stuck internal state within Netlify’s system regarding my domain’s DNS management, preventing the automatic Let’s Encrypt provisioning process from completing successfully.

Could you please assist by manually resetting the internal state of my domain brunolcorrea.com.br to correctly reflect that its DNS is managed externally, and then re-trigger the Let’s Encrypt certificate provisioning?

Thank you for your time and assistance!

The site doesn’t seem to be deployed yet. SSL cannot be provisioned without it.

To clarify, there are two issues, @blcorrea. The first is that there are no successful deploys here:

https://app.netlify.com/projects/lpebookiacorretores/deploys

There must be at least one successful deploy before we can provision SSL.

The second issue is this AAAA record pointing to Hostinger:

brunolcorrea.com.br.	1800	IN	AAAA	2a02:4780:1:584:0:1b31:ed79:d

To fix the SSL issue:

Note, the TTL for the AAAA record is 1800 (the “time to live” in seconds) so it may take 30 minutes before the DNS change is seen by downstream resolvers.
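A check for the situation in the reply above, as an added example that is not part of the original thread or of Netlify's tooling: it parses dig-style answer lines, flags any A/AAAA record on the apex that does not match the address the site is meant to use, and reports the longest TTL as the wait before re-checking. The A and AAAA values come from the thread; the other TTLs in the sample and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in dig answer format. The A and AAAA values are the ones
# quoted in the thread; the 300-second TTLs are made up for the example.
SAMPLE_ANSWER = """\
brunolcorrea.com.br.\t300\tIN\tA\t75.2.60.5
brunolcorrea.com.br.\t1800\tIN\tAAAA\t2a02:4780:1:584:0:1b31:ed79:d
www.brunolcorrea.com.br.\t300\tIN\tCNAME\tlpebookiacorretores.netlify.app.
"""
EXPECTED_ADDRESSES = {"75.2.60.5"}  # A record target given in the thread

def parse_records(text):
    """Parse 'name TTL class type rdata' lines; skip blanks and ';' comments."""
    records = []
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) != 5 or fields[0].startswith(";") or not fields[1].isdigit():
            continue  # not a resource-record line
        records.append({"name": fields[0].lower(), "ttl": int(fields[1]),
                        "type": fields[3].upper(), "rdata": fields[4].strip()})
    return records

def stray_address_records(records, name, expected):
    """Return A/AAAA records for `name` whose address is not in `expected`."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    fqdn = name.lower().rstrip(".") + "."
    stray = []
    for r in records:
        if r["name"] != fqdn or r["type"] not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(r["rdata"])
        except ValueError:
            addr = None  # malformed address: flag it as well
        if addr not in allowed:
            stray.append(r)
    return stray

def max_wait_seconds(stray):
    """Longest TTL among stray records: how long resolvers may still cache them."""
    return max((r["ttl"] for r in stray), default=0)

if __name__ == "__main__":
    found = stray_address_records(parse_records(SAMPLE_ANSWER),
                                  "brunolcorrea.com.br", EXPECTED_ADDRESSES)
    for r in found:
        print(f"stray {r['type']} {r['rdata']} (TTL {r['ttl']}s)")
    print("wait up to", max_wait_seconds(found), "seconds after removing it")
```
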

Thank you very much, Luke! I have tried to deploy, many many times, but unfortunately with no success. Can you help me with this issue?

Try moving vite to dependencies instead of devDependencies.

Oh, thank you! It worked!!!
