Home
Support Forums

SSL/TLS certificate errors/problems

PLEASE help us help you by writing a good post!

  • we need to know your netlify site name. Example: quirky-pasteur-efdcbe.netlify.app
  • DNS issues? Tell us the custom domain, tell us the error message! We can’t help if we don’t know your domain.

domains:

  • wreath.cards
  • www.wreath.cards

Problem:
It seems that I have successfully Delegate my AWS DNS to Netlify and have linked both wreath.cards and www.wreath.cards to netlify dns. However, I am gettting some weird error on in the domain settings when trying to set up HTTPS – SSL/TSL certificate.

First, when I look at the HTTPS section in my domain management it says “We could not provision a Let’s Encrypt certificate for your custom domain.” However, I have recently clicked 'Verify DNS configuration" and it says: " DNS verification was successful." But then when I reload the page it returns back to: “We could not provision a Let’s Encrypt certificate for your custom domain.” – naturally I assume that it just didn’t work.

But, then if I go to change www.wreath.cards to my primary domain, I receive a message saying: “We’re provisioning a certificate for your site, you cannot change custom domains until that process completes.” So know I think that it is still under provision.

Anyway, i am confused by the errors and have already tried steps 1-4 at DNS & HTTPS troubleshooting tips | Netlify Docs – (and am now on step 5).

Is there any suggestions that you guys have, or anything you can do directly? Feel as if I am at a dead end in terms of suggestions from docs.

One question I do have more directly, is can I even receive a TLS certificate from Netlify if my DNS is on AWS? Maybe this is why it is not working?

Hi @scott-schibli

This is partially true. It appears that DNS changes have not fully propagated yet. Some are showing Netlify DNS, some still showing AWS. You can use a tool such as DNS Checker to see what is happening (note though that this doesn’t represent every DNS server around the world.)

This may explain why you are seeing conflicting messages about the verification of your DNS and issuance of the SSL certificate.

Can you also check your domain configuration. Under Domains it is showing an A record pointing a Netlify’s load balancer (75.2.60.5) which is only used when you are configuring external DNS. When using Netlify DNS you don’t use this A record, rather Netlify automatically configures NETLIFY records.

If your DNS is in AWS, you can still use the external DNS configuration (linked above) and a certificate is still generated. What doesn’t work is when DNS is configured in both locations (either through misconfiguration or changes still propagating.)

Have a read through these Support Guides for further information

Hi, @scott-schibli. The issue is that you have not delegated DNS to Netlify.

These are the name server for that domain:

wreath.cards.		3600	IN	NS	ns-1052.awsdns-03.org.
wreath.cards.		3600	IN	NS	ns-179.awsdns-22.com.
wreath.cards.		3600	IN	NS	ns-957.awsdns-55.net.
wreath.cards.		3600	IN	NS	ns-1633.awsdns-12.co.uk.

You can also confirm that using the WHOIS data for this domain:

$ whois wreath.cards | grep "Name Server"
Name Server: ns-1633.awsdns-12.co.uk
Name Server: ns-1052.awsdns-03.org
Name Server: ns-957.awsdns-55.net
Name Server: ns-179.awsdns-22.com
Name Server: NS-179.AWSDNS-22.COM
Name Server: NS-1052.AWSDNS-03.ORG
Name Server: NS-1633.AWSDNS-12.CO.UK
Name Server: NS-957.AWSDNS-55.NET
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:

There is a support guide about why inactive DNS zones cause issues and how to fix them here:

If there are any questions not answered by that support guide above, please let us know.

Hello, thanks for the response!

I am still having trouble with this same problem of not getting approved for HTTPS – SSL/TSL certificate.

After checking the DNS tracker, I see that some dns servers still have :

*ns-1052.awsdns-03.org.*
*ns-957.awsdns-55.net.*
*ns-179.awsdns-22.com.*
*ns-1633.awsdns-12.co.uk.*

And others have the frou: dns(1-4).po1.nsone.net

I am confused because as the tutorials say, I have a A Record pointing to 75.2.60.5, and a CN Record that is pointing to the four: dns(1-4).po1.nsone.net

The only thing left is an SOA record in my AWS, that points to:
ns-179.awsdns-22.com. awsdns-hostmaster.amazon.com. ********

I haven’t changed this because it didn’t say too in the netlify tutorial, and I also looked into it and AWS says you shouldn’t change these. I have a feeling that I need to though. Should I set the SOA value to the same as my NS?

Let me know and thanks in advance!

It looks like this issue was due to propagation. DNS changes can take up to 48 hours before they take effect (or propagate).

I can see that the site is now secure! :tada: :slightly_smiling_face:

1 Like