Let’s Encrypt certificate provisioning

Let’s Encrypt certificate provisioning fails

Hi

I’ve got a domain set up in Netlify pointing at my site (http://mna.deals). I’ve checked that this domain (and the www. subdomain) are both pointing at Netlify.

I’m trying to provision an SSL certificate, but it keeps failing.

  • First it says it can’t verify the domain, so I click Verify DNS Configuration
  • Then it says DNS Verification Successful, and shows me a button to Provision Certificate
  • But when I click this, it takes me back to the first screen saying We Could Not Provision a Let’s Encrypt Certificate for your Custom Domain

(See attached)

I did see an article suggesting the DNS Verification doesn’t include www. and the cert can fail if this isn’t set correctly, but I’ve checked this and it seems fine.

Any help much appreciated!

Hiya @jonhewines and welcome to our community! Our system isn’t quite smart enough to tell you about this problem:

$ host mna.deals
mna.deals has address 104.198.14.52
mna.deals has IPv6 address 2001:8d8:1000:f3d0:8212:3c8e:aae9:e821 

This says that you’ve set a correct “A” record, but there is an incorrect “AAAA” (also known as IPv6) record still set at your hosting provider. Once you remove it, lets encrypt should succeed! (same for www.mna.deals!)

Further, please note that you have a suboptimal setting on www:

$ host www.mna.deals
www.mna.deals has address 104.198.14.52

This does NOT use our CDN but instead our data center in San Francisco, US. Check out this article for better guidance (TL;DR use a CNAME pointing to mna-deals.netlify.app):

Thank you so much for this - really appreciated. I’ll try it out and let you know if there’s any further problems, but thanks again for explaining clearly