Hey @Lance,
This article (section ‘A records, Outages and DDoS Attacks’) suggests that you ensure that a CNAME record is configured for the canonical site URL.
On the other hand, it may be the case that you have a similar issue to this and, as such, one of the Netlify support engineers may need to sort the cert out.