SSL Certificate gives error

SniCertificate::CertificateNonvalidError: Unable to verify challenge for ja-development.nl: 2001:888:214f::525e:f616: Invalid response from http://www.xel.nl/pagina-niet-gevonden: 404

Sitename is ja-development.nl // ja-development.netlify.app

I don’t really understand how to fix this.

It seems there are extra AAAA and A record on ja-development.nl which does not point to Netlify. So, when Let’s Encrypt is trying to validate ownership, it fails.

You will want to remove those first.

If your DNS provider supports an ALIAS or flattened CNAME or ANAME record, you could point your ja-development.nl domain to apex-loadbalancer.netlify.com. But if not, an A record to 75.2.60.5 would work.

I currently have a CNAME record pointed at ja-development.netlify.app, could you elaborate why I should point it to apex-loadbalancer.netlify.com instead of that?

Also, what is a flattened CNAME record, is that different from a normal CNAME record?

A flattened CNAME basically enable you to have a CNAME record for your root domain, in this case ja-development.nl instead of an A record, enabling you to have a more robust configuration. Not all DNS provider supports it though. If yours doesn’t, the A record would work fine.

The www.ja-development.nl DNS record should still point to ja-development.netlify.app of course.

So just one last question, the current situation is as follows:
I have 1 CNAME record from www to point to ja-development.netlify.app and 1 CNAME record from root (*) to point to ja-development.netlify.app. It seems to work just fine as is, what is the benefit of pointing the root (or flattened) CNAME record to apex-loadbalancer.netlify.com instead? Are there any resources I can read about this because before this thread I never read anything on this address.

It’s from:

To be completely honest with you, I’m not sure myself. Back then, I believe the instruction was CNAME from root domain ja-development.nl to ja-development.netlify.app if your DNS provider supports it, otherwise A record.

Though I noticed that they recently changed it to point to a load balancer instead. But both would work just fine I assume.

1 Like

Thank you very much for the explanation, I will look into it myself as well. Have a great day!