SSL Provisioning Issues: could not provision a Let’s Encrypt certificate for your custom domain

Hello, I’m getting a “We could not provision a Let’s Encrypt certificate for your custom domain.”

Site name:

Here are my DNS settings in AWS:

Here is Netlify’s UI showing green for the domain names:

The previous NS records, which pointed towards AWS, had a TTL of 48 hours. They were changed to point to Netlify (with a shorter TTL this time of 24 hours) on Friday, which was more than 48 hours ago. Could the change still be propagating across all other servers where the old TTL of 48 hours is still cached?

Google sees my domain as pointing to Netlify. :face_with_raised_eyebrow:


Bump - Anybody? :confused:

Hi, @ab.sitedev. This domain is not using Netlify DNS. Here is the WHOIS data which reflects this:

$ whois | grep -i "name server"
Name Server: NS-1323.AWSDNS-37.ORG
Name Server: NS-630.AWSDNS-14.NET
Name Server: NS-508.AWSDNS-63.COM
Name Server: NS-1908.AWSDNS-46.CO.UK
Name Server:
Name Server:
Name Server:
Name Server:

It will look like Netlify DNS is in use because our NS records were added to the DNS zone. However, our name servers were not made the authoritative name servers for this domain. You can query them but they won’t ever be used with the current configuration.

I believe the instructions for changing the authoritative name servers for AWS Route 53 registered domains names can be found here:

To summarize, this domain name isn’t actually using Netlify DNS and updating the authoritative name servers at the domain registrar is the solution.

If there are other questions, please let us know.

1 Like

Thank you Luke! That was exactly the problem. Apologies for my lack of DNS knowledge, I’ve learned a lot since migrating to Netlify! I thought just changing the NS records was enough, But I completely neglected that you have to change the authoritative servers.

The site is now secured.

You rock!!

1 Like