Currently provisioning your Let’s Encrypt certificate has been stuck for over 48 hrs

Provisioning certificate for site “secondlifeharvest” is taking more than 48 hours. It’s been days, please help.

Can anyone help with this issue? The provisioning keeps spinning and my cert is invalid.
https://www.sslshopper.com/ssl-checker.html#hostname=secondlifeharvest.org

None of the common names in the certificate match the name that was entered (secondlifeharvest.org). You may receive an error when accessing this site in a web browser.

Hi Matt,

Sorry to hear about the trouble! You seem to have configured your DNS for secondlifeharvest in a way that breaks a lot of things - I’d be surprised to hear that your site is working, or your email :grimacing:. Here’s what seems to have happened:

I believe you have configured a CNAME record for secondlifeharvest.org. While this normally activates our CDN, in this case, it is not a good configuration. This tool shows the problem in another way:

https://dnsviz.net/d/secondlifeharvest.org/dnssec/

I’d suggest you remove that CNAME record, add instead an A record as our docs suggest you do for the bare domain, and then your certificate will be able to be provisioned.

After you make that change, and wait for the cache timeout to pass (can’t tell what it is presently, but generally ranges from ~5 minutes to a couple of days; it will be called “TTL” in your registrar’s website and the value is listed in seconds), then the “error” on the dnsviz site should go away if you re-analyze your domain (starting from here: https://dnsviz.net/) as well.
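
The conflict described in the reply above, as an added example that is not part of the original thread: a CNAME on the bare domain collides with the SOA, NS and MX records that also have to live at that name (RFC 1034 says a name with a CNAME should hold no other data). The zone lines, the `example.org` names and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (name, TTL, class, type, rdata); not the real zone's data.
SAMPLE_ZONE = """\
example.org.      3600 IN SOA   ns1.example.net. hostmaster.example.org. 1 7200 900 1209600 300
example.org.      3600 IN NS    ns1.example.net.
example.org.      3600 IN MX    10 mail.example.org.
example.org.      3600 IN CNAME mysite.cdn.example.net.
www.example.org.  300  IN CNAME mysite.cdn.example.net.
mail.example.org. 300  IN A     192.0.2.25
"""

# DNSSEC RRSIG and NSEC records are the only types allowed beside a CNAME.
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}


def parse_records(text):
    """Return {owner_name: [(ttl, rtype, rdata), ...]} from simple zone lines."""
    by_name = defaultdict(list)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        name, ttl, _cls, rtype, rdata = line.split(None, 4)
        by_name[name.lower()].append((int(ttl), rtype.upper(), rdata))
    return by_name


def cname_conflicts(text, apex):
    """List names where a CNAME coexists with other record types."""
    findings = []
    for name, rrs in parse_records(text).items():
        types = {rtype for _, rtype, _ in rrs}
        clash = sorted(types - ALLOWED_WITH_CNAME)
        if "CNAME" in types and clash:
            findings.append({
                "name": name,
                "is_apex": name == apex.lower(),
                "conflicts_with": clash,
                # Longest TTL at the name: upper bound on how long caches keep the old data.
                "max_ttl": max(ttl for ttl, _, _ in rrs),
            })
    return findings


if __name__ == "__main__":
    for finding in cname_conflicts(SAMPLE_ZONE, "example.org."):
        print(finding)
```

The `www` name passes because a CNAME on its own is valid; only the bare domain is flagged, which is why an A-type record is used there instead.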

Thank you Chris! I will give this a shot!

Hi Chris

I went ahead and removed the CNAMES and tried to add an A record to the bare domain but I get the following error: dns_api secondlifeharvest.org - secondlifeharvest.org/A: 400 - link exists, all config must be empty. Is this something to do with the NETLIFY system records being present?

That means there is already an A record in place - or actually, a “better than A record” - a NETLIFY record which you can see in our UI (only you and our staff can access this URL: https://app.netlify.com/teams/mattshade/dns/secondlifeharvest.org but here is a screenshot):

When you use our DNS, you do not need to manually add records for Netlify-hosted website hostnames - we create NETLIFY records for you when you apply the name to a site, so you’re all set!

Thanks again Chris! Site is back to being secure!