SSL/TLS certificates fail with A record

SSL is no longer auto generating for my netlify app after changing A record to in order to fix the current issues with the load balancers. My bare domain is now “insecure” and I can’t figure out how to solve this problem. Thanks in advance for your help!

hei there @graygabrielle - thanks for pointing this out! we are working as fast as we can to get you some more info. Stay tuned :pray:

Due to this error Configure external DNS for a custom domain | Netlify Docs we updated the A record for from to

We can now get to but receive an error message in Chrome:

Your connection is not private
Subject: *

Issuer: DigiCert SHA2 Secure Server CA

Expires on: 3 Aug 2021

Current date: 25 Mar 2021

Please advise on what’s needed to get the certificates working again.

We handle our DNS through Route 53 and certificates generated on AWS.

I also found this related closed topic [Support Guide] Minimizing impact of load balancer not working.

hey @graygabrielle, we have looked into your account and DNS settings and it seems like the fact that there is a 4-hr TTL set up on your DNS is biting you with regards to this change, I’m afraid. We had our best heads on the case - we tried everything to resolve this but in your specific site’s case we were not able to speed these changes up. I’m sorry, we wish we had better news.

hey @pxg, we were able to take a look at your specific domain’s settings and you should see improvement now. Do you have an https cert showing for your domain now?

Yes it’s working now, thanks for your help!

If other customers report this specific SSL/TLS issue as described above, please let us know the full domain name(s) and we can attempt to remediate.

I appreciate your help. Does this mean the certificates will resolve in 4 hours?

at the latest, yes, 4 hours from when the record was changed. Sorry we don’t have better news - a 4 hr TTL is unusually long, normally we would recommend something less - we can definitely advise you as to what settings could be preferable when we are post incident! :netliheart:

Unfortunately the domain was purchased a while ago through squarespace, and still has to be managed there. Squarespace does not allow me to change the TTL, and I can’t transfer the domain at the moment because we still host other content on a subdomain there on squarespace. Very frustrating :frowning:

Anyway, thank you again for all your help!

you are welcome! of course we wish there weren’t any problems in the first place - it’s actually allll down to a third party outage of one of our cloud providers :expressionless:

We also made the change to the new IP and are having similar SSL issues on our end. The site in question is

Are there any additional steps I can take to resolve this? I believe our TTL is 1hr and that timeframe should have passed by now.

Hey there, @rybridge. Thank you for bringing this to our attention. This should now be fixed for you. Please confirm once you can!

Fixed! Thank you so much!

Happy to help! Please let us know if anything else related to the change to the new IP comes up.

hej, we have another update - seems like the old load balancer IP is reachable again - the cloud provider in question (google) seems to be coming back up.

We still recommend keeping the new IP (which is through a different cloud provider), but hopefully your site is reachable now?

Yes, all is working great again :slight_smile:

Thank you for confirming, @graygabrielle! We appreciate it. If anything else related to our service degradation pops up, please feel free to contribute to this ongoing thread.