This tutorial only applies to users whose accounts were created after April 8th, 2019. If you are a user with an older account and are having issues with your SSL certificate, please contact support@twentyoverten.com for assistance.

Congratulations on going live with your new website! Now that your site is live, have you tried turning on your SSL certificate and gotten a “try again” message? If so, there may be an issue with the way your domain name settings (DNS) are configured. Below are the two most common reasons why the SSL certificate will not turn on and how to resolve those by changing your DNS.

In order for your SSL certificate to turn on properly and automatically renew every three months, all 3 of our DNS records need to verify within the Domain Settings management panel of your Twenty Over Ten account. Your account should look something like this:

If any of those three records are still red and listed as “pending,” then you may need to add that record to your domain’s DNS.

Log into your personal DNS management system and double-check the records. Are both of the A records added? Is the CNAME record added with “www” as the host/name value? If not, resolve those issues and then allow at least 24 hours for your DNS changes to fully propagate. Then, check your Twenty Over Ten account again to see if all of the records have been verified.

If all of your DNS records are verified within your Twenty Over Ten account, but you are still receiving an error when you try to turn on your SSL certificate, you most likely have a conflicting A record within your DNS. A records with the “@” host/name value is what tells your domain name where to point in order to show people your website. If there are A records with the “@” host/name value pointing to non-Twenty Over Ten IP addresses, that will cause the SSL certificate to fail to enable and can also cause issues with your website loading properly.

Log into your personal DNS management system and look at your list of A records. You should have two A records with the “@” host/name value that are for your Twenty Over Ten website, one that points to 18.209.242.7 and another that points to 3.88.95.32.

Do you have any other A records in your account? If so, what are the host/name values? If any of the other A records have host/name values that are your root domain name or the “@” symbol, they could be the culprit and need to be removed from your DNS.

Please note that this does not apply to A records for subdomains. A records for subdomains will typically have a unique host/name value that is not your root domain name or “@” symbol. “Email” or “Blog” are commonly used subdomain names, but this will vary depending on your personal subdomains if you have any.

Use caution when deleting records from your DNS. Take a screenshot of the record you are going to delete in advance or otherwise make a note of what the record contained in case you need to add it back in the future. Delete the conflicting A record from your account and allow 24 hours for your DNS changes to fully propagate. Then, try again to enable your SSL certificate.

Please contact support@twentyoverten.com with a screenshot of your current DNS configuration for additional assistance.