SSL Certificate Not Provisioning for Custom Domain (brandinglabs.ca)

Netlify Site Name:

brandinglabs.netlify.app

Custom Domain:

brandinglabs.ca

Error Message:

“We could not provision a Let’s Encrypt certificate for your custom domain.”

Steps Taken:

  1. DNS Configuration Verified:

• A Record for brandinglabs.ca points to 75.2.60.5 (Netlify load balancer IP).

• CNAME for www.brandinglabs.ca points to brandinglabs.netlify.app.

• No AAAA records are present.

• DNSSEC is not enabled (confirmed with registrar).

  1. Tools Used for Verification:

DNSChecker.org: Confirms A and CNAME records are propagated globally.

Let’s Debug: Reports no issues with DNS or SSL provisioning.

• Google DNS Cache Flush: Successfully flushed caches for brandinglabs.ca and www.brandinglabs.ca.

  1. Retries in Netlify:

• Used Verify DNS Configuration in Site Settings > Domain Management > HTTPS multiple times without success.

  1. Propagation Time:

• It has been over 48 hours since DNS changes were made.

Screenshots:

  1. Netlify HTTPS Settings:

Screenshot of HTTPS settings

  1. Netlify DNS Settings:

Screenshot of DNS settings

  1. DNS Verification via External Tools:

Screenshot of DNSChecker Results

Additional Notes:

• The domain uses Netlify DNS, and the nameservers (dns1.p04.nsone.net, etc.) are properly set at the registrar (Netfirms).

• All propagation tools and tests confirm the DNS setup is correct.

• Let’s Encrypt certificate provisioning has not completed despite multiple retries and no visible issues in DNS.

Request:

Could you please investigate why the SSL certificate isn’t being provisioned? If there’s an issue on Netlify’s end, I’d appreciate your guidance or assistance in resolving it.

Hi there, thanks so much for all these helpful details, I really appreciate it! It might be an intermittent error where the DNS records are not properly syncing with our NS1 DNS instance. I can attempt to manually generate this SSL certificate, but first you’ll need to remove these extra DNS records you have that are not needed:

If you could remove those three, and then let us know when that’s complete, try provisioning the SSL cert again! If it doesn’t work, let us know and we will manually attempt to generate one.

Thank you for the reply! Would be my pleasure, those 3 extra records have been removed.

Screencap: Screen Shot on 2024-12-13 at 09-07-24.png - Droplr

Thanks so much, I’ve provisioned the SSL certificate for the site, you’re all set.

1 Like