SSL certs not generating

nice-dev · March 17, 2023, 5:05pm

Is there any way to trigger the SSL certs? Like removing the domains and adding them again?

I know what I did wrong… I added the sites to the Netlify DNS too soon, like 2 days ago. I wanted to screenshot the settings to give to our IT dept (since they take a while), but now I see that’s silly because is just the A record and CNAME for www (can’t do APEX). Lesson learned.

After reading the docs a bit, I see I may have done that too soon, so even with a low TTL, our SSL certs aren’t being generated. But its been over well over an hour on all 3 sites. I’m having the same issue, no SSL.

xantech-static.netlify.app xantech.com
nilesaudio-static.netlify.app nilesaudio.com
sunfire-static.netlify.app sunfire.com

DNS is resolving, just not getting SSL certs. I sent the support email, over 2 hrs and nothing.

Is there anything I can do, or just wait for help?

nice-dev · March 17, 2023, 6:38pm

Here is the error message for one of the sites in Netlify. I’m at the point where I think deleting the site and recreating it is the best option… won’t let me remove the domain.
Any thoughts?

SniCertificate::CertificateNonvalidError: Unable to verify challenge for nilesaudio.com: The key authorization file from the server did not match this challenge “cPyVqkOlLM4GVGnuW_5U4hMYSllDsbKI8C6OYbz0qAo.Hq7PVkpoUztZtbjTHneeg-1mVJhNloQx6jD-mxLNMsQ” != “cPyVqkOlLM4GVGnuW_5U4hMYSllDsbKI8C6OYbz0qAo.vKGSnNTMm-njyWJQYjhmPuIovGcwxiduMtzbURl4_Yc”

We can’t renew your Let’s Encrypt certificate automatically until the issue is resolved. Check our troubleshooting guide for more information on how to fix the problem, and then renew the certificate.

jasiqli · March 17, 2023, 8:22pm

For all three domains I believe the AAAA records are the likely cause as they are not Netlify assigned IPv6 records.

Try removing these records.

% dig nilesaudio.com AAAA
nilesaudio.com.		1800	IN	AAAA	2620:12a:8001::3
nilesaudio.com.		1800	IN	AAAA	2620:12a:8000::3

% dig xantech.com  AAAA
xantech.com.		7200	IN	AAAA	2620:12a:8000::4
xantech.com.		7200	IN	AAAA	2620:12a:8001::4

% dig sunfire.com AAAA
sunfire.com.		7600	IN	AAAA	2620:12a:8000::4
sunfire.com.		7600	IN	AAAA	2620:12a:8001::4

nice-dev · March 17, 2023, 10:29pm

So frustrating, normally, I have full control of DNS, but at work, I don’t get make the changes

After having my IT department remove those AAAA records, things fired off. Thanks for your help, all good now!

SamO · March 20, 2023, 1:37pm

Thanks for letting us know your problem was resolved. Thank you @jasiqli for your excellent debugging skills in the community.

Topic		Replies	Views
SSL/HTTPS issue for 3 newly added websites Support netlify-dns-https-ssl	6	289	February 7, 2023
SSL/TLS Certification not generating even after 24 hours Support deployment , netlify-dns-https-ssl	1	438	January 16, 2022
SSL certificate not being issued Support netlify-dns-https-ssl	2	119	May 9, 2024
The SSL certificate is not generated Support netlify-dns-https-ssl	5	103	May 20, 2024
Unable to generate apex domain SSL Support netlify-dns-https-ssl	2	316	July 1, 2022

SSL certs not generating

Related topics