SSL certificate not extending to subdomains or DNS misconfiguration

We are using an externally registered domain ( in AWS Route53) for our Netlify site.

In AWS Route53, we have an A record set up on our apex record, which points to a CloudFront distribution. The CloudFront distribution has an origin set up pointing to our Netlify site at This is working properly and users get directed to when accessing

We want to remove the CloudFront distribution by reconfiguring our A record in Route53 to point to the Nifty apex load balancer (, as described in these docs, Configure external DNS for a custom domain | Netlify Docs. However, Netlify documentation states “it may take up to a few hours for record changes to propagate”, and we do not want to interrupt traffic to our site while this propagation is happening.

We would like to test that this change will work by using one of the NETLIFY DNS records generated by Netlify; i.e. We have attempted to create an A record in AWS Route53 for which points to the apex loadbalancer ( Whenever we attempt to access though, we receive an invalid certificate error.

Is our SSL certificate potentially not extended on this subdomain?
Is our testing methodology valid?

Any help is appreciated and please let us know if you need further information.


Totally get what you are saying. I think this is the guide you need:

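An added example, not part of the thread or of Netlify's own tooling: a TLS client rejects a certificate when the hostname it requested is not covered by any dNSName entry in the certificate's subjectAltName list, which is what the question about the test subdomain comes down to. The sketch below applies the usual RFC 6125 matching rules to constructed SAN lists; the `example.com` names and both certificates are assumptions, since the thread does not show the real ones.

```python
def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName SAN entry against a hostname (RFC 6125 style).

    Simplification: only a whole-label wildcard in the leftmost position
    is honoured; partial wildcards such as "f*.example.com" never match.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse overly broad wildcards like "*.com" and empty labels.
        return (len(p_labels) > 2
                and h_labels[0] != ""
                and p_labels[1:] == h_labels[1:])
    return p_labels == h_labels


def covering_entries(hostname: str, san_entries: list[str]) -> list[str]:
    """Return the SAN entries that cover the hostname (empty list: no match)."""
    return [s for s in san_entries if hostname_matches(s, hostname)]


def report(san_entries: list[str], hostnames: list[str]) -> dict[str, bool]:
    """Map each hostname to whether the certificate covers it."""
    return {h: bool(covering_entries(h, san_entries)) for h in hostnames}


# Constructed SAN lists (assumptions, not taken from the thread).
CERT_APEX_WWW = ["example.com", "www.example.com"]
CERT_WILDCARD = ["example.com", "*.example.com"]

# Constructed hostnames: apex, www, a test subdomain, a two-level subdomain.
HOSTS = ["example.com", "www.example.com",
         "test.example.com", "a.b.example.com"]

if __name__ == "__main__":
    for name, sans in (("apex+www", CERT_APEX_WWW),
                       ("wildcard", CERT_WILDCARD)):
        for host, ok in report(sans, HOSTS).items():
            print(f"{name:9} {host:18} {'covered' if ok else 'NOT covered'}")
```

A DNS record that resolves correctly does not change this outcome: the name in the request still has to appear in the certificate that the server presents.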