Can't generate Let's Encrypt SSL

We are wanting to switch DNS to Netlify for our site www.kindrid.com, however, Netlify automatically adds the apex redirect despite we use a different DNS service for apex redirection.

Due to this, we aren’t able to get a SSL through Let’s Encrypt because it flags the apex as “having multiple A records”.

Is there a way to only add the www for our custom domain?

@MB_Walton Welome to the Netlify community.

To the best of my knowledge, you cannot have two different DNS sources, so you cannot use Netlify DNS but have some other DNS provider do redirection.

Be that as it may, there is virtually no need to run Cloudflare in front of a Netlify static site. Most of the protections you get from Cloudflare are not needed when the files are provided from static files via CDN, which is what Netlify does.

My recommendation would be to switch to the Netlify DNS servers at your domain registrar, so that you bypass Cloudflare completely for any Netlify static site.

Hi, @MB_Walton, there is a setting I can enable on our site to do this (use www and not the apex domain itself). Note, once this is done only that specific domain name will work for this site. All other domain aliases are ignored (unless I manually add them as I did www and you can open new topics here to have our support team do this).

First, however, there is an inactive DNS zone for this domain at our service and it will need to be deleted before I can update the SSL certificate:

https://app.netlify.com/account/dns/kindrid.com#delete-dns-zone

If you delete that DNS zone above and then make CNAME record point the www subdomain to the Netlify site as described here, our support team can get the SSL certificate provisioned for just www alone (no apex domain required).

Please reply anytime if there are questions or if you are ready for us to enable "www only" for this site.

Thanks for your response.

I have removed the inactive DNS zone for this domain and we are ready for the suggested setting to be enabled.

Hi, @MB_Walton, also you don’t have to use Netlify DNS. We just need a CNAME record for the custom domain pointing to the site subdomain at Netlify. This is the “external DNS configuration”. The record would be similar to this:

www.kindrid.com.		1800	IN	CNAME	kindrid.netlify.app.

Of course, you are also welcome to use Netlify DNS.

Right now the DNS service used is Cloudflare. You can use Cloudflare DNS but if you proxy to the site using Cloudflare, this prevents us from creating the SSL certificate. There is more about this here:

​Please let us know when the DNS is pointing to Netlify (either external DNS or Netlify DNS) and well get the “www” only SSL working.