Hi, I’m trying to add a SSL certificate for klassrummet.se. I changed my DNS settings according to the instructions 3+ days ago, but when I click “Retry DNS verification” it still says “www.klassrummet.se doesn’t appear to be served by Netlify”. Did I screw up? Or has the propagation stalled in some way?
Cheers, Marten
Hi, @martenbjork.
The domain in question isn’t pointing to Netlify (or any other hosting company) at this time. The following are the results of my local DNS queries:
$ dig klassrummet.se +noall +answer
; <<>> DiG 9.10.6 <<>> klassrummet.se +noall +answer
;; global options: +cmd
$ dig www.klassrummet.se +noall +answer
; <<>> DiG 9.10.6 <<>> www.klassrummet.se +noall +answer
;; global options: +cmd
There are no answers for either domain name above. I do see this domain is using a third-party DNS service in the WHOIS records:
$ whois klassrummet.se | grep -i "nserver"
nserver: A.NS.SE 192.36.144.107 2a01:3f0:0:0301:0:0:0:53
nserver: B.NS.SE 192.36.133.107 2001:67c:254c:301:0:0:0:53
nserver: C.NS.SE 192.36.135.107 2001:67c:2554:301:0:0:0:53
nserver: F.NS.SE 192.71.53.53 2a01:3f0:0:305:0:0:0:53
nserver: G.NS.SE 130.239.5.114 2001:6b0:e:3:0:0:0:1
nserver: I.NS.SE 194.146.106.22 2001:67c:1010:5:0:0:0:53
nserver: M.NS.SE 194.0.11.112 2001:678:e:112:0:0:0:53
nserver: X.NS.SE 2001:67c:124c:e000:0:0:0:4 213.108.25.4
nserver: Y.NS.SE 185.159.197.150 2620:10a:80aa:0:0:0:0:150
nserver: Z.NS.SE 185.159.198.150 2620:10a:80ab:0:0:0:0:150
nserver: ns1.dnsimple.com
nserver: ns2.dnsimple.com
nserver: ns3.dnsimple.com
nserver: ns4.dnsimple.com
The instructions for using an external DNS service to point a subdomain to a site at Netlify can be found here:
Would you please try creating the DNS records as described in the instructions above? If those instructions do not resolve the issue and/or if there are any other questions, please let us know.
Hi Luke,
Thanks for looking into this for me. Here’s my DNS records, configured through DNSimple. I’ve compared them to the DNS records that I have set up for my other Netlify apps and they seem to follow the same structure. Is there a mistake in here that I’m not seeing?
Hi, @martenbjork, I’m not getting answers when I query locally:
$ dig klassrummet.se A +noall +answer
; <<>> DiG 9.10.6 <<>> klassrummet.se A +noall +answer
;; global options: +cmd
$ dig www.klassrummet.se A +noall +answer
; <<>> DiG 9.10.6 <<>> www.klassrummet.se A +noall +answer
;; global options: +cmd
$ dig www.klassrummet.se CNAME +noall +answer
; <<>> DiG 9.10.6 <<>> www.klassrummet.se CNAME +noall +answer
;; global options: +cmd
This public web-based DNS lookup also returns no answer:
https://toolbox.googleapps.com/apps/dig/#A/klassrummet.se
I checked the DNSSEC configuration and I see errors there:
https://dnsviz.net/d/klassrummet.se/dnssec/
Based on this I believe the DNSSEC configuration is the root cause. If there are other questions about this, please let us know.
Follow up: I reached out to DNSimple and we were able to reset the DNSSEC settings. 30 minutes later, Netlify accepted the change and the certificate was generated.
Many thanks for your help with identifying the root cause!
Marten