SSL certificate not working for custom domain (northstar-express.com)

Support
1

Hi Netlify team,

My site northstarv1.netlify.app is connected to the custom domain northstar-express.com.
DNS is set correctly:

  • @ → A → 75.2.60.5, 99.83.190.102

  • www → CNAME → northstarv1.netlify.app

But when I open https://northstar-express.com, I get ERR_SSL_PROTOCOL_ERROR.
In Domain management → HTTPS, it shows:

northstar-express.com doesn’t appear to be served by Netlify. We can’t renew your Let’s Encrypt certificate automatically…”

Could you please help re-issue the Let’s Encrypt certificate for my domain?

Thank you!

2

Hi, @mikeruan. That IP address of 99.83.190.102 is wrong. My best guess is you use ChatGTP and it provided you bogus information. Netlify does not and has not ever used that IP address.

Delete the A record for 99.83.190.102 and wait for one hour (because the TTL on that record is 3600 seconds which is one hour).

3

Hi Luke, Thank you so much for your guidance—the website is now running smoothly. However, the SSL/TLS certificate still isn’t renewing properly. Could you please advise on the next steps?

image
image1264×695 41.8 KB

4

Hi @mikeruan,

Looks like you have an inactive DNS Zone here:

The name servers being used aren’t the Netlify name servers but .cnolnic.com name servers:

dig northstar-express.com NS +trace | tail -n 6
;; Received 571 bytes from 192.48.79.30#53(j.gtld-servers.net) in 85 ms

northstar-express.com.	7200	IN	NS	ns2.cnolnic.com.
northstar-express.com.	7200	IN	NS	ns1.cnolnic.com.
;; Received 97 bytes from 240c:4082:0:5d01::5#53(ns2.cnolnic.com) in 245 ms

Since you’re using an External DNS configuration, you can remove the inactive Netlify DNS Zone here:

https://app.netlify.com/teams/mikeruan/dns/northstar-express.com#delete-dns-zone

You’ll want to ensure that you have your domains configured at your registrar as following:

northstar-express.com A Record pointing to 75.2.60.5
www.northstar-express.com CNAME Record pointing to northstarv1.netlify.app

You can read more on what an inactive DNS Zone is and how to fix the issue here:

Let us know if you have any questions.