Cannot generate new cert via Netlify

Hi guys, please can you help debug why Lets Encrypt won't issue me a cert?

My domain is:

I ran this command: netlify cert gen

It produced this output: We could not provision a Let’s Encrypt certificate for your custom domain.

My web server is (include version): Netlify

The operating system my web server runs on is (include version): N/A

My hosting provider, if applicable, is: Netlify

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Netlify

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): n/a

Many thanks for any advice!

I'm most suspicious of my SOA record as it seems that AWS (used to buy the domain) insists on keeping SOA even though Netlify is now the name server.

Do you think I should delete and re-create the route53 hosted zone?

Kind regards,


Well, Netlify itself might have some kind of configuration for your domain, but currently when I trace it, it's just saying AWS, AWS and more AWS. Except for the SOA record.

However, that SOA record was coming from an AWS nameserver? That's not how it's supposed to work. If you want to change DNS from AWS to Netlify, you need to change the authorative DNS servers at the DNS registar from AWS to Netlify.


Thanks Osiris for your speedy response!

My colleague has just spotted something inside AWS. Although I had changed the settings in the hosted zone there is an additional place to configure the name servers under 'registeted domains' in route53 - these were still pointed to AWS' NS servers!

I've updated them now, so fingers crossed we come good.


I now see that your authorative nameservers have changed to NSOne nameservers.

I also see the wildcard certificate you just got issued, so everything seems to be in order :slight_smile:


Spot on! Thanks for your help :slight_smile:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.