SSL certs not generating

Is there any way to trigger the SSL certs? Like removing the domains and adding them again?

I know what I did wrong… I added the sites to the Netlify DNS too soon, like 2 days ago. I wanted to screenshot the settings to give to our IT dept (since they take a while), but now I see that’s silly because is just the A record and CNAME for www (can’t do APEX). Lesson learned.

After reading the docs a bit, I see I may have done that too soon, so even with a low TTL, our SSL certs aren’t being generated. But its been over well over an hour on all 3 sites. I’m having the same issue, no SSL.

xantech-static.netlify.app xantech.com
nilesaudio-static.netlify.app nilesaudio.com
sunfire-static.netlify.app sunfire.com

DNS is resolving, just not getting SSL certs. I sent the support email, over 2 hrs and nothing.

Is there anything I can do, or just wait for help?

Here is the error message for one of the sites in Netlify. I’m at the point where I think deleting the site and recreating it is the best option… won’t let me remove the domain.
Any thoughts?

SniCertificate::CertificateNonvalidError: Unable to verify challenge for nilesaudio.com: The key authorization file from the server did not match this challenge “cPyVqkOlLM4GVGnuW_5U4hMYSllDsbKI8C6OYbz0qAo.Hq7PVkpoUztZtbjTHneeg-1mVJhNloQx6jD-mxLNMsQ” != “cPyVqkOlLM4GVGnuW_5U4hMYSllDsbKI8C6OYbz0qAo.vKGSnNTMm-njyWJQYjhmPuIovGcwxiduMtzbURl4_Yc”

We can’t renew your Let’s Encrypt certificate automatically until the issue is resolved. Check our troubleshooting guide for more information on how to fix the problem, and then renew the certificate.

For all three domains I believe the AAAA records are the likely cause as they are not Netlify assigned IPv6 records.

Try removing these records.

% dig nilesaudio.com AAAA
nilesaudio.com.		1800	IN	AAAA	2620:12a:8001::3
nilesaudio.com.		1800	IN	AAAA	2620:12a:8000::3
% dig xantech.com  AAAA
xantech.com.		7200	IN	AAAA	2620:12a:8000::4
xantech.com.		7200	IN	AAAA	2620:12a:8001::4
% dig sunfire.com AAAA
sunfire.com.		7600	IN	AAAA	2620:12a:8000::4
sunfire.com.		7600	IN	AAAA	2620:12a:8001::4
1 Like

So frustrating, normally, I have full control of DNS, but at work, I don’t get make the changes :frowning:

After having my IT department remove those AAAA records, things fired off. Thanks for your help, all good now!

Thanks for letting us know your problem was resolved. Thank you @jasiqli for your excellent debugging skills in the community.