Need help setting up SSL for my apex domain on Netlify DNS

The site I am using with Netlify DNS is showing a good SSL cert, but when I try the apex domain on Safari it shows "certificate name does not match input". Also in Firefox, it is showing SSL_ERROR_BAD_CERT_DOMAIN. Chrome is showing [ERR_CERT_COMMON_NAME_INVALID]. What do I need to do to make it work through Netlify DNS? On my Netlify screenshot below it seems to be set up correctly on Netlify DNS.

Generally, the reason we are unable to provision a complete SSL certificate for your custom domain is that the DNS cache time to live (TTL) value for a record has not had time to expire (from your old settings) before you tried to use it with Netlify. Our SSL provider is unable to create certificates for names that have old cached values still in effect.

Depending on how you configure your domain, we may only attempt to fetch the certificate once - when you update your settings with the new domain name. Usually, if it is your first hostname on a site, we’ll try several times until we succeed.

If that process generates a partial certificate, there is usually a button in our UI to renew the certificate which would try to add all appropriate names.

The additional delay between your attempt and mine seems to have been enough to allow things to work right when I attempted to re-issue the certificate.

Please let me know if things are not working as expected now.

It’s working great now Luke! Glad to know it wasn’t necessarily something I did incorrectly. Just took some time for the old TTL to expire. Thanks so much.


I’m facing the same situation as the post describes above (www good, apex bad) - am I correct to think if I give it a bit of time for the old TTL to expire, all will be well? If so, how much time might that take?

Alternatively, am I able to reissue a certificate to speed the process up? (I clicked “renew certificate”, but not sure if that makes a difference…?)

Thank you in advance for any insight you can offer :slight_smile:

UPDATE: I was being impatient, clicking the “renew certificate” button did indeed update it around 10 minutes after :smiley:

Hi, @emmaboardman1986. Thank you for the follow-up edit. The renew button doesn’t always work and, if not, please always feel free to post in community about it.

Again, though, we appreciate you taking time to post an update. It is nice to validate that the wait and renew certificate advice does work (at least sometimes).
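The "www good, apex bad" symptom discussed in this thread can be confirmed by comparing the names a site should serve with the names the certificate actually lists. This is an added example, not part of the original thread and not Netlify's code; it assumes a partial certificate is one whose subjectAltName list is missing some of the site's hostnames, and the hostnames, SAN lists and function names below are constructed for illustration.

```python
# Added example: all hostnames and SAN lists below are constructed samples.

def san_matches(hostname: str, san: str) -> bool:
    """RFC 6125-style match of one hostname against one dNSName SAN entry."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        # A wildcard stands for exactly one label, so "*.example.com"
        # never covers the apex "example.com".
        return False
    if pattern[0] == "*":
        # Only a leftmost-label wildcard is honoured, and not on a bare TLD.
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def uncovered_names(site_names, cert_sans):
    """Return the site hostnames that no SAN entry in the certificate covers."""
    return [n for n in site_names
            if not any(san_matches(n, s) for s in cert_sans)]


def diagnose(site_names, cert_sans):
    """Classify the certificate as complete, partial, or covering nothing."""
    missing = uncovered_names(site_names, cert_sans)
    if not missing:
        return "complete"
    if len(missing) == len(site_names):
        return "no names covered"
    return "partial: missing " + ", ".join(missing)


# Constructed sample: a certificate issued while the apex record was still
# cached with its old value, then the same site after a successful renewal.
SITE_NAMES = ["example.com", "www.example.com"]
PARTIAL_SANS = ["www.example.com"]
RENEWED_SANS = ["example.com", "www.example.com"]

if __name__ == "__main__":
    print(diagnose(SITE_NAMES, PARTIAL_SANS))
    print(diagnose(SITE_NAMES, RENEWED_SANS))
```

The SAN list of a live certificate can be read by piping `openssl s_client -connect HOST:443 -servername HOST` into `openssl x509 -noout -ext subjectAltName`.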