Redirected Netlify site going on / offline (sometimes Awaiting Netlify DNS)

Issue Summary: It’s been 48 hours since we redirected our Netlify site, “ailleurs-studio.netlify.app,” to the custom domain “ailleurs.studio” (hosted with Google/Squarespace). However, the site keeps going live and then offline with an ERR_SSL_PROTOCOL_ERROR.

Current Configuration (screenshot attached):

We want our site ailleurs-studio.netlify.app to redirect to custom domain “ailleurs.studio” rather than “www.ailleurs.studio” (which worked fine when that was set as our primary domain). So in addition to adding a [www] CNAME pointing “www.ailleurs.studio” in our Squarespace settings, we have now:

  • set “ailleurs.studio” as the primary domain on Netlify
  • and updated the A records so as to now have two [@] A Records pointing to Netlify’s IPs, 75.2.60.5 and 99.83.190.102.

Our MX, SPF, and DKIM records remain unchanged, pointing to Google’s servers, and nameservers remain in Squarespace to preserve email functionality. We do not want to update our Squarespace nameservers as that previously disconnected our email the first time we tried it, as we have a Google Workspace subscription.

SSL Status in Netlify:

  • SSL is fully enabled for both “ailleurs.studio” and “www.ailleurs.studio”.
  • The SSL certificate was last renewed around 6 PM, three hours after the redirect change on November 3rd.

Current diagnostics:

  • DNS Checker shows almost all positives. The CNAME for “www.ailleurs.studio” points to our Netlify site, and the A records for “ailleurs.studio” point to Netlify’s IPs.
  • SSL checker: IP 99.83.190.102 = failed to communicate with the secure server, while IP 75.2.60.5 = ready and rated A+.

Additionally, one Google Workspace user experienced a couple of logout issues this morning, strangely (which may or may not be related?). Is this a case of waiting longer for propagation, or is there a potential misconfiguration causing these issues? Thanks in advance for any assistance!

Hi, @ailleurs_team. This is the incorrect record:

ailleurs.studio.	14400	IN	A	99.83.190.102

If you delete that record, it will resolve the issue. Please note the time to live (TTL) above is 14400 seconds (4 hours). This means it may take that long for any copies of this record to stop being served from downstream resolver caches once you delete the incorrect record above.

Thank you so much for your reply, so this will leave me with one single “@” A record — 75.2.60.5. I’m deleting 99.83.190.102 per your suggestion.

Hi, @ailleurs_team. Yes, for the apex that leaves just one A record pointing to 75.2.60.5. That is correct and should resolve this issue. However, if it does not, please let us know and we will continue troubleshooting.
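
An added example, not part of the original thread and not Netlify's own tooling: with two apex A records a client may be handed either one, so a single bad record produces exactly the on/off TLS failures described above. This Python sketch probes each A record separately with the site's hostname as SNI and reports which record to remove and the TTL that bounds how long cached copies can linger. The function names are hypothetical, and the TTL on the `75.2.60.5` line of the sample is an assumption.

```python
import socket
import ssl

# Constructed sample in dig/zone-file form. The 99.83.190.102 line is the record
# quoted in the thread; the TTL on the 75.2.60.5 line is an assumption.
SAMPLE_ZONE = """\
ailleurs.studio.      14400  IN  A      75.2.60.5
ailleurs.studio.      14400  IN  A      99.83.190.102
www.ailleurs.studio.  14400  IN  CNAME  ailleurs-studio.netlify.app.
"""

def parse_a_records(zone_text, hostname):
    """Return [(ip, ttl)] for every A record owned by hostname."""
    want = hostname.rstrip(".").lower()
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2].upper() != "IN" or fields[3].upper() != "A":
            continue  # skip CNAME, MX, TXT and malformed lines
        name, ttl, _, _, ip = fields
        if name.rstrip(".").lower() == want:
            records.append((ip, int(ttl)))
    return records

def tls_probe(ip, hostname, timeout=5.0):
    """Connect to one specific IP, send hostname as SNI, verify the certificate."""
    ctx = ssl.create_default_context()  # checks the chain and the hostname
    try:
        with socket.create_connection((ip, 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return True, tls.version()
    except OSError as exc:  # also covers ssl.SSLError, timeouts and resets
        return False, f"{type(exc).__name__}: {exc}"

def audit(zone_text, hostname, probe=tls_probe):
    """Probe every A record on its own instead of whichever one DNS hands out."""
    results = []
    for ip, ttl in parse_a_records(zone_text, hostname):
        ok, detail = probe(ip, hostname)
        results.append({"ip": ip, "ttl": ttl, "ok": ok, "detail": detail})
    return results

def bad_records(results):
    """(ip, ttl) pairs to delete; ttl is the worst-case seconds of cached copies."""
    return [(r["ip"], r["ttl"]) for r in results if not r["ok"]]

if __name__ == "__main__":
    for r in audit(SAMPLE_ZONE, "ailleurs.studio"):
        status = "OK" if r["ok"] else "FAIL"
        print(r["ip"], status, r["detail"], f"ttl={r['ttl']}s")
```

Passing a different `probe` callable lets the same audit run against recorded results instead of live connections.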