Wrong SSL certificate on subdomain

Netlify site name: chanelforclimate.netlify.app
Custom domain: cfc.spc.so

My problem: I already have another Netlify app using the spc.so and www.spc.so hostnames, so they are already configured to handle Netlify. I just added a CNAME on cfc.spc.so targeting chanelforclimate.netlify.app. Working flawlessly. The problem is with SSL: it’s been over 48 hours since the DNS checks passed, but still no little padlock on the top of my screen.

Even though there is a certificate, it isn’t valid: it only targets *.netlify.app hostnames.

Why could this be?

Open your site in an incognito window.

The problem doesn’t come from cache here, tested it in multiple browsers in Private mode.

Hi @deb

Welcome to our community!

Have you tried manually issuing the certificate in your site’s settings under “Domain Management/HTTPS”?

If so, can you share a screenshot of that certificate section? Particularly the SSL/TLS certificate part.

Hope this helps!

Thank you! Here are the screenshots. (I had never seen the error message before, it must’ve started appearing recently)

I tried generating certificates with Let’s Encrypt from my CLI yesterday, but there seem to be issues with DNS permissions, I don’t remember clearly… it remains a last resort solution though, as I’m as inexperienced in SSL as one can get, and maintenance could be a challenge.

You’re not using Netlify DNS:

Refer to:

Thank you, now I know what to look for! Why do I need to use Netlify DNS? I already set the DNS parameters as recommended by the guide for external domains, is there a way to fix it while keeping my DNS management panel at DigitalOcean?

Hi, @deb. Using Netlify DNS is optional and never required. If you want to use any other DNS service (your registrar’s or anyone else’s) then the instructions can be found here:

When I check, the required DNS records already exist so it is very close to working:

cfc.spc.so.		21600	IN	CNAME	chanelforclimate.netlify.app.

However, there is an inactive DNS zone here:


This DNS zone will cause Netlify to try to verify the domain with Let’s Encrypt using DNS. However, as the DNS zone is inactive, this always fails.

If you delete the DNS zone at Netlify, then we will stop trying to use DNS to verify with Let’s Encrypt and we’ll use HTTP for verification instead. As the DNS record above does point to Netlify and now that HTTP verification will be used, the SSL provisioning will succeed.

If deleting the inactive DNS zone doesn’t fix this, please let us know.

Hey, thank you for explaining, I have a much clearer picture of the situation now. I just deleted the DNS zone on Netlify. The Netlify dashboard seems to have noticed it but still fails to provide an SSL certificate. I’ll give it some time before I try again, just in case.

Update: even though when I click “Provision certificate”, an error dialog saying “missing certificate” appears, the certificate is issued! My problem is solved, but perhaps you should look into why that dialog pops up in the first place, as it seems to be a mistake 🙂
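The symptom in this thread (a certificate valid only for *.netlify.app served on cfc.spc.so) can be checked directly by comparing the hostname with the certificate's subjectAltName entries. The script below is an added example, not part of any post above; the function names are illustrative and the SAN lists in the demo are constructed.

```python
import socket
import ssl
import sys


def san_matches(hostname, pattern):
    """RFC 6125-style match: '*' may stand only for the whole left-most label."""
    host = hostname.rstrip(".").lower().split(".")
    pat = pattern.rstrip(".").lower().split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def covered_by(hostname, sans):
    """Return the SAN entries that cover hostname (empty list means mismatch)."""
    return [p for p in sans if san_matches(hostname, p)]


def fetch_dns_sans(hostname, port=443, timeout=5.0):
    """Read the DNS SANs of the certificate served for hostname (sent as SNI).

    The chain is still validated; only the hostname check is switched off so
    that a certificate issued for a different name can be inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def diagnose(hostname, sans):
    hits = covered_by(hostname, sans)
    if hits:
        return f"OK: {hostname} is covered by {', '.join(hits)}"
    return f"MISMATCH: {hostname} is not covered by certificate SANs {sans}"


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check: python check_san.py <hostname>
        print(diagnose(sys.argv[1], fetch_dns_sans(sys.argv[1])))
    else:
        # Constructed SAN lists: default platform cert vs. a cert for the custom domain
        print(diagnose("cfc.spc.so", ["*.netlify.app", "netlify.app"]))
        print(diagnose("cfc.spc.so", ["cfc.spc.so"]))
```

A MISMATCH that persists after the DNS record is correct points at certificate provisioning rather than at DNS or browser cache.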