SSL/TLS certificate - Waiting on DNS propagation


I’ve recently deployed my website on netlify, under the domain name “”. I’ve waited more than 48 hours since the DNS change (the domain “” is registered under AWS), but the certificates for the site still haven’t been issued.
I’d appreciate some help troubleshooting the situation.
Thanks in advance,

Hey @snatchysquid

I see you have configured to use Netlify DNS. However, there is an A record pointing to the Netlify load balancer IP address which should not exist.

This is what DNS should like (with different domains)

and then the site custom domain settings like

Do you see a NETLIFY record for both apex and www subdomain, or did you delete them?

another update:
Now that I’ve removed the balance loader record, my site is inaccessible.

You should see the NETLIFY records in the same place the A record was

If you don’t see see them, you can remove as the custom domain from your Netlify site, then re-add it which should create these records automatically.

What you have in that screenshot is correct.

You should have no records in the AWS console. If you have nameserver records other than Netlify, you need to remove them. I.E. You need to remove these records if they exist

Name Server: NS-1476.AWSDNS-56.ORG
Name Server: NS-247.AWSDNS-30.COM
Name Server: NS-704.AWSDNS-24.NET
Name Server: NS-1874.AWSDNS-42.CO.UK

You cannot use both AWS and Netlify DNS.

You can set most records (MX, TXT, etc.) in Netlify. See [Support Guide] How do I migrate a domain to Netlify DNS with zero downtime?

If however you are unable to do this and need to maintain records in AWS, then you cannot use Netlify DNS and will need to follow Configure external DNS for a custom domain instead.

Further reading


I decided to follow the 2nd option of “Configure external DNS for a custom domain”. As a matter of fact this is what I did in my original setup, and it does indeed require using the loadbalancer record (and again, after removing the record, the site is no longer accessible).

Correct, you need to have an A record for the apex pointing to the load balancer, a CNAME for the www subdomain pointing to your Netlify site e.g. and need to ensure the dns? NS records are removed, and also remove the domain from Netlify Domains.

Yes. If you are configuring your domain using external DNS, you don’t need (and cannot have) it configured in Netlify DNS also.

If you are not using Netlify DNS (which, again, if you have configured using external DNS you are not) then you will need to use AWS nameservers.

I’ve followed all of the steps. Now should I simply wait 48h for changes to propagate?
Thanks for all of the help!

As long as everything is configured correctly, it shouldn’t take 48 hours (although it can in some cases.)

Ok, I just checked, and are both accessible although without SSL.

If you go to the custom domains section for your site and scroll to the SSL/TLS Certificate section you might find a “Renew Certificate” button. If so, click it and with luck it will provision a certificate for your domain

Yes, that’s correct, as you are no longer using Netlify DNS.

Both and have SSL, and redirects automatically to

If you are having issues with the site loading with SSL, you may have local caching issue because of previous attempts to access the site when SSL wasn’t provisioned.

http:// automatically redirects to https:// by default.

1 Like