SSL certificate issue problem

I want to issue an SSL certificate for domain: https://driggl.com - with a redirect from https://www.driggl.com to it.

I have set up the proper DNS records for the root domain. You can check it here: (https://www.whatsmydns.net/#NS/driggl.com) and inside of the Netlify panel I did set up the NS records for www subdomain to point to Netlify NS records as well: (https://www.whatsmydns.net/#NS/www.driggl.com)

However, DNS verification still fails. It says, that www.driggl.com does not point to Netlify servers…

Sometimes the DNS verification succeeds for the root domain, but in other time it also generates errors (i.e.: “driggl(dot)com is not resolvable with a resolver that validates DNSSEC” or: “driggl(dot)com doesn’t appear to be served by Netlify”

The Troubleshooting guide says, to contact support in case one domain succeeds and other fails, so here I am. Is it possible for you to help me with that?

Update:

Unfortunately I needed to revert my DNS configuration and point it out to my old servers.
If there is anybody who could put some light on this topic, I’d appreciate any help.

Hi there,

You don’t use our DNS, even though you have it configured:

$ whois driggl.com
   Domain Name: DRIGGL.COM
   Registry Domain ID: 2197804433_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.netart-registrar.com
   Registrar URL: http://www.netart-registrar.com
   Updated Date: 2019-11-17T19:42:14Z
   Creation Date: 2017-12-09T15:42:34Z
   Registry Expiry Date: 2019-12-09T15:42:34Z
   Registrar: NetArt Registrar Sp. z o.o.
   Registrar IANA ID: 1456
   Registrar Abuse Contact Email: abuse@netart-registrar.com
   Registrar Abuse Contact Phone: +48 22 454 48 85
   Domain Status: ok https://icann.org/epp#ok
   Name Server: NS1.DIGITALOCEAN.COM
   Name Server: NS2.DIGITALOCEAN.COM
   Name Server: NS3.DIGITALOCEAN.COM

So, no changes here will have any effects, and that hostname is indeed (on digital ocean’s servers) not pointing to us.

You’ll also want to remove all of these records as they are incorrect:

Those are…well, not going to do anything useful but do obscure the situation.

Once you fix up DNS so it is pointing to us and not digital ocean:

$ host driggl.com
driggl.com has address 46.101.98.25

…then our SSL can work. To change nameservers you must do so at your registrar rather than in our UI :slight_smile:

Thanks, but as I mentioned in the post above - I needed to revert my DNS configuration to keep my site working. I inded have some issues with the domain registrar which I need to solve first. Thank you.

Hi, @driggl, the following community topics may prove helpful when making the change to Netlify DNS:

Any previous DNS record must expire for the new records to be used. The caching and expiry of DNS records is controlled by the “time to live” or TTL values in the DNS records themselves.

I currently see the following NS records for this domain:

driggl.com.		21599	IN	NS	b.zeit-world.co.uk.
driggl.com.		21599	IN	NS	c.zeit-world.org.
driggl.com.		21599	IN	NS	e.zeit-world.net.
driggl.com.		21599	IN	NS	f.zeit-world.com.

The TTL above shows 21599. This is likely 21600 which is the time in seconds - in other words, a six hour time to live.

This means, when the NS records above are changed, the any other DNS servers on the internet beside the ones listed in the NS records themselves will almost certainly cache the old records for another six hours.

Netlify doesn’t control this caching, your DNS records themselves control it.

Again, the two topics above discuss ways to avoid downtime when making the switch to Netlify DNS. Please see those for more information and, if the solutions there don’t work for you, let us know here.