I’m having an issue where my Let’s Encrypt SSL is stuck on provisioning. There is currently a custom SSL from Sectigo installed but I wish to switch it to Let’s Encrypt. It has been over 12 hours and I am not sure what to do. All my DNS records are fine and the Domain panel detects all the domains correctly pointed to the Netlify CDN.
Hi, @jongia132, I think you might be actively working on this because things keep changing.
First, the site currently works when I test. But it didn’t for the apex/bare/root domain when I first checked:
I did a DNS look for the apex/bare/root domain and got nothing, just the SOA record:
$ dig jonathang.me A ; <<>> DiG 9.10.6 <<>> jonathang.me A ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59166 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;jonathang.me. IN A ;; AUTHORITY SECTION: jonathang.me. 1799 IN SOA dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1595834521 43200 3600 604800 3601 ;; Query time: 97 msec ;; SERVER: 126.96.36.199#53(188.8.131.52) ;; WHEN: Mon Jul 27 00:25:36 PDT 2020 ;; MSG SIZE rcvd: 114
However, it is working now just a few minutes later:
$ dig jonathang.me A +noall +answer ; <<>> DiG 9.10.6 <<>> jonathang.me A +noall +answer ;; global options: +cmd jonathang.me. 299 IN A 184.108.40.206 jonathang.me. 299 IN A 220.127.116.11
Our external DNS documentation recommends two DNS records. If an ALIAS type record for the apex domain isn’t supported we recommend an A record for the apex domain and a CNAME for the www subdomain, similar to the records below:
jonathang.me. 1800 IN A 18.104.22.168 www.jonathang.me. 1800 IN CNAME jongia132.netlify.app
I find the CNAME record:
$ dig www.jonathang.me +noall +answer ; <<>> DiG 9.10.6 <<>> www.jonathang.me +noall +answer ;; global options: +cmd www.jonathang.me. 1798 IN CNAME jongia132.netlify.app. jongia132.netlify.app. 19 IN A 22.214.171.124 jongia132.netlify.app. 19 IN A 126.96.36.199
For the apex/bare/root domain I see the what appears to be an ALIAS record working (because it returns two IP address and both of them are for our CDN nodes).
Note, this keeps flapping (changing from working to non-working). The DNS record are now gone again just in the time it took me to write this:
$ dig jonathang.me A +noall +answer ; <<>> DiG 9.10.6 <<>> jonathang.me A +noall +answer ;; global options: +cmd
Are you actively making changes? Please consider that time to live values (TTLs) will potentially cause delays to changes.
If there are any questions for us, please let us know.
Yes, I was recently making changes to see if I can get the SSL to issue. I have now stopped making changes to the DNS and the records should work now. As for the Apex domain, I am indeed using an ALIAS record.
Would you be able to reset the SSL status so I can manage my custom SSL?
Hi, @jongia132, done! Please let us know if there is more we can do to assist with this or if there are any questions.
Nope, that would be all.