DNS Served Right? Troubleshooting Certificate Issues After GoDaddy Reconfiguration

We received a query from a user, @luke, regarding persistent issues in obtaining an SSL certificate even after reconfiguring DNS settings. Following recommendations, the user reverted their DNS management to GoDaddy, pointing an A record to Netlify’s load balancer and establishing a CNAME record for www.rennoco.com. Despite these adjustments, the problem persists, hindering the secure serving of their website.

To diagnose the issue, a dig trace command was executed, providing insight into the DNS resolution path. The trace shows the query progressing from the root servers to the top-level domain (TLD) servers for .com, and finally to the authoritative name servers for rennoco.com, ns73.domaincontrol.com and ns74.domaincontrol.com, which are indeed GoDaddy’s name servers. The A record correctly resolves to 104.198.14.52, which is expected to be within Netlify’s infrastructure.

; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> rennoco.com +trace
;; global options: +cmd
.                       83653 IN NS m.root-servers.net.
.                       83653 IN NS a.root-servers.net.
.                       83653 IN NS g.root-servers.net.
.                       83653 IN NS e.root-servers.net.
.                       83653 IN NS l.root-servers.net.
.                       83653 IN NS f.root-servers.net.
.                       83653 IN NS d.root-servers.net.
.                       83653 IN NS c.root-servers.net.
.                       83653 IN NS i.root-servers.net.
.                       83653 IN NS b.root-servers.net.
.                       83653 IN NS k.root-servers.net.
.                       83653 IN NS j.root-servers.net.
.                       83653 IN NS h.root-servers.net.
;; Received 512 bytes from 192.168.1.1#53(192.168.1.1) in 6 ms

com.                    172800 IN NS l.gtld-servers.net.
com.                    172800 IN NS b.gtld-servers.net.
com.                    172800 IN NS c.gtld-servers.net.
com.                    172800 IN NS d.gtld-servers.net.
com.                    172800 IN NS e.gtld-servers.net.
com.                    172800 IN NS f.gtld-servers.net.
com.                    172800 IN NS g.gtld-servers.net.
com.                    172800 IN NS a.gtld-servers.net.
com.                    172800 IN NS h.gtld-servers.net.
com.                    172800 IN NS i.gtld-servers.net.
com.                    172800 IN NS j.gtld-servers.net.
com.                    172800 IN NS k.gtld-servers.net.
com.                    172800 IN NS m.gtld-servers.net.
com.                    86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766
com.                    86400 IN RRSIG DS 8 1 86400 20200825150000 20200812140000 46594 . 1Y0V7nWy/PWrtq1VMQ4RmuwFLsLM4473h9tGhI8ZwycAYdU2lgVv8U0u
49BNfVBBOIuND7t1C7Db1V6baAgMNW5+Po1QJVZh0nPr2RS90P5zqNq3
d+lFpaAM6OqdgMZjx3WZlwHujgXXZF+n8WsEW1SORtid6klDvLHfsTwa
eaciZuv/SEeI8fsmuHyxwHMqOpLvJzTcfTJmMJGHjZO4g56OIsTNmVI/
VugDh027PRU6NywG6BNs+nF4rbrCNBvFBkeWChn5zniTbWgnhe4bJGVO
V0ReLinghIL3WXE61f54PKPIzJXqDUtlk0p/W0rf/abJtep7+BtrI/pk
u1IZzw==
;; Received 1171 bytes from 192.5.5.241#53(f.root-servers.net) in 2 ms

rennoco.com.            172800 IN NS ns73.domaincontrol.com.
rennoco.com.            172800 IN NS ns74.domaincontrol.com.
rennoco.com.            86400 IN DS 12353 13 2 3AAEACAB40CECC84E84E02A740D9B5B44B97263FF0D0806283046BE2D80B3636
rennoco.com.            86400 IN RRSIG DS 8 2 86400 20200818051544 20200811040544 24966 com. ZzfoNaGceTgv8n8bkH5+n9t2DkMrtyB2rea2u9IHSVUXy33fV4QjUGXi
Gm2jPdxXDpyM1vs8/eEOL+Od+DE5sYNL4Rrgh9m4gQMfyNohBJIo6H4p
Rta5mWl9O1TGCMi8WxfihwAAS5HC48ifnncB3Axgdj6zHxqXoUI674cy
8iI/EomoVwVISiHlgjD84gAy+nvoMymHE05s+QlCVeDmpg==
;; Received 423 bytes from 192.43.172.30#53(i.gtld-servers.net) in 142 ms

rennoco.com.            600 IN A 104.198.14.52
rennoco.com.            3600 IN NS ns73.domaincontrol.com.
rennoco.com.            3600 IN NS ns74.domaincontrol.com.
;; Received 108 bytes from 173.201.74.47#53(ns74.domaincontrol.com) in 214 ms

While the DNS records appear to be correctly configured, the inability to obtain an SSL certificate suggests a deeper issue. Potential causes range from DNS propagation delays that have not been fully accounted for to certificate authority validation challenges. It’s crucial to ensure that the DNS changes have fully propagated globally, as certificate issuance processes rely on verifying domain control through DNS records. Further investigation into the specific error messages encountered during certificate generation, together with a thorough check of Netlify’s SSL configuration settings, is recommended to determine why the domain is not being served securely.
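As an added example (not part of the original post and not Netlify or GoDaddy tooling), the script below parses dig +trace output like the trace above and compares what the parent zone says about the domain with what the domain's own name servers answer: whether the NS sets agree, whether the parent publishes a DS record, and which A records come back. The function names are hypothetical, and the sample input is abridged from the trace on this page.

```python
import re

# Abridged from the dig +trace output on this page (root/.com hops and RRSIG lines omitted).
SAMPLE = """\
rennoco.com.            172800 IN NS ns73.domaincontrol.com.
rennoco.com.            172800 IN NS ns74.domaincontrol.com.
rennoco.com.            86400 IN DS 12353 13 2 3AAEACAB40CECC84E84E02A740D9B5B44B97263FF0D0806283046BE2D80B3636
;; Received 423 bytes from 192.43.172.30#53(i.gtld-servers.net) in 142 ms

rennoco.com.            600 IN A 104.198.14.52
rennoco.com.            3600 IN NS ns73.domaincontrol.com.
rennoco.com.            3600 IN NS ns74.domaincontrol.com.
;; Received 108 bytes from 173.201.74.47#53(ns74.domaincontrol.com) in 214 ms
"""

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")
RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+#\d+\((\S+)\)")

def parse_trace(text):
    """Split dig +trace output into hops: [(answering_server, [(name, type, rdata), ...])]."""
    hops, records = [], []
    for line in text.splitlines():
        if m := RECEIVED.match(line):          # a ';; Received' line closes the current hop
            hops.append((m.group(1), records))
            records = []
        elif m := RECORD.match(line):          # wrapped RRSIG base64 and comments do not match
            records.append((m.group(1).lower(), m.group(3), m.group(4).strip()))
    return hops

def check_delegation(text, domain):
    """Compare the parent-zone referral for `domain` with the authoritative answer."""
    name = domain.rstrip(".").lower() + "."
    hops = [(srv, [r for r in recs if r[0] == name]) for srv, recs in parse_trace(text)]
    hops = [h for h in hops if h[1]]           # keep only hops that mention the domain
    if len(hops) < 2:
        raise ValueError("no separate referral and authoritative answer for " + name)
    (_, parent), (auth_srv, auth) = hops[-2], hops[-1]
    pick = lambda recs, rtype: sorted(r[2].lower() for r in recs if r[1] == rtype)
    return {
        "parent_ns": pick(parent, "NS"),
        "auth_ns": pick(auth, "NS"),
        "ns_consistent": pick(parent, "NS") == pick(auth, "NS"),
        "ds_at_parent": bool(pick(parent, "DS")),  # parent advertises a DNSSEC chain
        "a_records": pick(auth, "A"),
        "answered_by": auth_srv,
    }

if __name__ == "__main__":
    print(check_delegation(SAMPLE, "rennoco.com"))
```

A DS record at the parent means validating resolvers expect the zone's answers to be signed, so when ds_at_parent is true it is worth confirming that DNSSEC is actually enabled at the provider currently hosting the zone.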
