Custom domain stopped working, and Certificates ECDSA and RSA not verified

So my custom domain (http://dev.api.aara.app) stopped working. I’m not sure why so I checked the certificates.
I have set the correct A, AAAA and CNAME records on my DNS provider SquareSpace.
It seems that ECDSA and RSA have issues as they stay red for ever. I’ve waited more than 72 hours and still nothing.

Any help or advice would be very much appreciated :pray:

Hey @gkpo

Are you sure the DNS provider is properly configured?

I can’t resolve neither A nor AAAA record:

❯ dig +short a dev.api.aara.app
❯ dig +short aaaa dev.api.aara.app

Hello thanks for your reply:

Here are the records as I have inserted them into Squarespace.
Some zeros have been automatically added in the ipv6 address but no matter how many times I paste it, Squarespace keeps adding them. So I guess this is an equivalent adrress.

Also what are ECDSA and RSA certs ? I’ve seen many messages saying they don’t work but are they necessary ?

@gkpo

I can resolve the domain names now. And it seems certificates have also been issued:

❯ curl https://dev.api.aara.app
{"message":"Hello"}

Thanks so much for your help! Have you been able to identify what was the issue? we have changed a few things on our side as well, i’d like to know what fixed it!
Thanks again

I’m not sure if it was just a DNS propagation issue or some incorrect configuration on the DNS provider side, but LetsEncrypt couldn’t verify your domain and refused to issue a certificate.

It failed with:

DNS problem: looking up A for dev.api.aara.app: DNSSEC: DNSKEY Missing
DNS problem: looking up AAAA for dev.api.aara.app: DNSSEC: DNSKEY Missing

You can always check the status of your certificate with flyctl certs show <domain>, it should give you more details if something isn’t working.

indeed, Disabling DNSSEC is one of the things we did.
Thanks again,
All the best

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.