Home
Support Forums

Problems with SSL-certificate for apex domain?

Hi! I’m kind of a newbie on Netlify so would really appreciate this help :wave:

We have a site on Netlify, weexist-development-site.netlify.app where we on friday the 2 of july have configured our external DNS provider (Inleed) to point our domain to Netlify. Everything works fine with the primary domain:

…but when we try the apex domain weexist.se we get a warning saying that the site is not safe, and this seems to be a problem with the SSL-certificate?

We tried emptying the cache and following the other steps in Netlifys troubleshooting-guide, and when we try renewing the certificate we get this error:

We have also noticed that sometimes only writing weexist.se works in Chrome, but sometimes it doesn’t. In other browsers it doesn’t work at all. :thinking:

When checking the status for weexist.se with httpstatus.io we get this error:

Error message
Hostname/IP does not match certificate’s altnames: Host: weexist.se. is not in the cert’s altnames: DNS:*.netlify.com, DNS:netlify.com

Is this something that needs to be corrected with Netlify, or at our external DNS-provider?

Thanks in advance!

Hi @emma-tech

Do your domain settings look like this?

Hi @emma-tech,

This is the error I see:

According to the error we see now, there have been too many errors and the API has been rate limited. I believe the wait time is of 1 week.

Chances are you might have waited too long for the error to fix itself, or used the renew certificate button too often.

Hi @coelmay !

Yes it does, except that www is set as the primary domain:

Hi @hrishikesh !

Ok, so how do I fix this?
Is it better to just change to netlify DNS instead? I have a lot of records with my current provider so I was hoping I could get this to work, but if it doesn’t maybe the only option is to transfer all records…?

As I said in my reply, you’ve hit the rate limit and if I remember correctly, the wait time for the limit to be ignored is around a week. So, even if you switch to Netlify DNS, it won’t work till the time passes.

2 Likes

@hrishikesh Ok, we’ll wait a week and then see what happens. Thank you! :slight_smile:

2 Likes

Hello again @hrishikesh !
Now it has been a week, and nothing new has happened with the domain… weexist.se doesn’t work, and I don’t know if I dare press the “Renew certificate” button again… I still have this message but now the button is back at least:

How do I solve this so that the domain weexist.se works as well…?
I see in other support threads that some people have had similar problems and that it was because of the AAAA record… could that be it? :thinking: It looks like this in dig atm:

Thanks in advance! :slight_smile:

Hi @emma-tech,

The API endpoint limit was hit on 5th July, 2021 at 17:37:23.859 UTC. I can see that a week is about 7-8 hours from now. So, we probably still need to wait before we can try anything. I’m bookmarking this to remind me about it in about 8 hours so, I’ll check the status then.

2 Likes

As I can see, the warning still exists. I am checking the issue currently.

1 Like

Hi @emma-tech,

Upon further investigation, I do believe this is because of the AAAA record. Could you try removing it please?

Hi again @hrishikesh ,

The AAAA record is removed. Is it anything else I should do?

Hi @emma-tech,

Thank you for your patience through this issue. The certificate is now active! :netliconfetti:

1 Like

It works! :smiley: Thank you so much @hrishikesh! :tada:

2 Likes