Certificate request error is persistent (TLS Certificate can't be provisioned)

[Oabdalah23]

Certificate Request Error: Certificate provisioning will retry automatically in a short period, please be patient.
I receive this error every single time the TLS certificate tries to be provisioned. It’s been over 24 hours.
Should I be panicking, or is this normal?
My website link is kidkalc.com

[pixelicous]

Having the same issue here… for more than a few days.

ERROR: Certificate Request Error: Certificate provisioning will retry automatically in a short period, please be patient.

Removing CNAME file from repo like one suggested didn’t help.

Using custom domain with CNAME record that succesfully points to the pages.

I have a letsencrypt record, my dig command showing my cname>github pages profile>all pages a records (185.199.108-111.153)

I don’t get it…

[gunhachi]

Got the same error, and it’s not generating the tls till now . … 

[marcinole]

I’ve got the same problem. Is this an issue on GitHub’s side or is this due to bad config?

EDIT: The problem has now been resolved for me.

[amritamaz]

@marcinole Did you make any changes to anything to fix the problem? Or did it resolve on its own? Having the same problem over here.

[marcinole]

I switched my custom domain to the “www” subdomain but I had tried that before (unsuccessfully) so when it finally worked I had the impression that the issue was fixed on GitHub’s side.

[Fareed0001]

bless you for this reply

[Dgilliams]

I’m getting the same error and have made no new changes to my website. No bueno. Following this post in hopes someone figures it out. 

[HenryQW]

I’m having the same issue for days too.

Didn’t change DNS or anything.

[osagga]

I’m also having the same issue, been stuck on error for months now, is it from my side?

[osagga]

OK I actually figured out a fix, I’m using Cloudflare as my domain registrar, and in my DNS settings, my 4 A records that point to Github had the “proxied” type on them, and appreantly GitHub doesn’t like that, so I switched from “proxied” to “DNS only” (by just clicking on the word ‘proxied’), and it seems to work with my custom domain (without the www subdomain). and now the certificate is issued and things are looking good, I hope this helps someone out!

[svenjacobs]

I had exactly the same problem with Cloudflare. Turning off "proxied" fixed it for me, too.

[leaker]

thanks. works for me too.

[MarkoPaul0]

I was having a similar issue. Waiting for 24h hours didn’t fix anything. It turns out the problem was that my domain was parked by default (my domain provider is GoDaddy). I removed the parking A record, and 5 minutes later the TLS certificate was obtained. Then I could finally enable the “Enforce https” option in the GitHub pages settings. Then another 5 minutes later, my GitHub pages were online.

TLDR: try to remove the " A @ Parked" record in your domain provider DNS settings and then enable “enforce https” in GitHub pages settings.

[arkalsekar]

Thanks 🙏 man. You don't know how much hours I wasted just to figure this out. Thanks alot again. It worked for me as I too had my domain provide godaddy.

[odenipinedo]

Thanks for the info! I just made the changes on Cloudflare (to DNS only), and will update in a few days and see if it works.

EDIT: yep, that fixed it, almost immediately. If you have any type of DNS proxy make sure to shut it off, because the SSL cert authority is looking for specific A records.

[ecuber]

Was having an identical issue, but this fixed it for me. Thanks so much!

[Dgilliams]

Not sure what happened, Godaddy seems to be doing some wonky ish to my DNS. All of my A records for my github page had been deleted. My domain name is damosdesigns.com but now there’s a second domain name gdmig-damosdesigns.com in my account. No clue what that’s about. Adding those four A records back brought my website back up. 

[marlluslustosa]

I managed to solve it as most of you mentioned, unchecking the proxy option in the dns zone for the main domain (in my case cloudflare). However, there are some considerations to make:

If you have been using features like cache and workers, which need the server to process your request before actually accessing the website that is hosted on github, you will have problems with the functioning of your website when removing proxied.

In my case, using cloudflare I did the following:

• I removed the A entries of the proxied github from the dns zone in the cloudflare;
• I connected the enforce https via github pages;
• I waited for github pages to renew my tls certificate;
• I reconnected to A entries to be proxied again (on cloudflare);

I have to do this every 3 months, as github doesn’t seem to renew the certificate automatically, for cloudflare to automatically recognize the new certificate.

[uzbeki]

I had the same issue, turns out Github does not issue a TSL certificate unless your CNAME record is for www pointing to your username.github.io.
It took me days to figure that sucker out. Your problem should be solved within a few minutes after you change your DNS settings.

Here is what namecheap.com says:

Here you will need to create several records for your domain:

• A record for @ pointing to 185.199.108.153
• A record for @ pointing to 185.199.109.153
• A record for @ pointing to 185.199.110.153
• A record for @ pointing to 185.199.111.153
• CNAME record for www pointing to your username.github.io (the username should be replaced with your actual GitHub account username):

[curiousways]

Huh that's a tricky one isn't it, I also set CNAME to the apex, as you would usually do. Thanks for the info here.

[trade1234]

I have no word bro tnx! that's all

[davispuh]

This is crazy it's been years and I still hit this issue. I was pulling my hairs out because nothing seemed to work and there's no documentation regarding this gocha. Anyway now I added this www CNAME and it works <3

[kehiy]

@uzbeki Hi, we have all of these records set on our domain but we still have the same issue. any idea?

[kmajor]

+1 Huge thank you, this should be made clear in the docs.

[puja108]

I had the same issue suddenly without having changed my DNS records. GH was also saying they cannot resolve my domain. Turns out it broke when I enabled DNSSEC in namecheap, once I disabled this, resolving resumed working and after a while once TLS certificates for recreated I could re-enable enforce HTTPS. No need for having www in your CNAME, I do not have any www in there and it works.

[kanderson91]

Thanks! This fixed it for me too. I'm using Hover and I was following some guide that had me create a DNSSEC record on there. Once I deleted that DNSSEC record, Github was able to provision the certificates.

[Aadarsha2003]

How it has been solved ? Automatically or anything extra or I should wait for a day pls reply me and help

[Ritik82]

Yeah it’s working you all have do to first delete all DNS record and these 5records only then you domain is ready for hosting through GitHub.

[tarunkumar1405]

remove www from web address..

[nguye618]

I removed the www from the domain and now I can't enforce https. Any idea on how to solve this?

[nmatiash]

I also had the same problem just now, and it turns out the issue was in using a national alphabet domain.
In "custom domain" field in Github, I changed матяш.рф domain name to punycode xn--80axty8a.xn--p1ai and the TLS certificate was issued within a couple of minutes.

[mysubcult]

how did you do this? I can't bind a domain in this format, it gives an error

[edumats]

In my case, after waiting for about 22 hours and no certificate being issued, I simply deleted my subdomain.domain.com in GitHub Pages control panel and replaced with the same subdomain.domain.com. I waited for a minute and the certificate was up and running. I think GitHub tries to do the verification too early and it fails. For some reason, it don't retry the verification process unless you input a domain name again.

[federico-aguilar]

Literally same! Works now

[zufardhiyaulhaq]

Just FYI,

if you enable proxy on Cloudflare to GitHub pages, GitHub cannot generate the certificate.
So, I need to disable the proxy (only use DNS service on Cloudflare) deleted my subdomain.domain.com in the GitHub Pages control panel, and replaced it with the same subdomain.domain.com.

[jgkawell]

I had this same issue, and this solution resolved it. Thanks!

[odenipinedo]

Make sure to update the CNAME file in your Github Pages directory to reflect the change as well.- DanielOn Jan 31, 2023, at 1:18 PM, Cathleen ***@***.***> wrote: I removed the www from the domain and now I can't enforce https. Any idea on how to solve this? —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>

[nguye618]

Hm, I was hoping this was the solution but the CNAME automatically updated with the changes and still not able to enforce https. I'm very confused. I was able to publish my webpage several times with my custom domain with https. I don't believe any of the configurations are different and I periodically will remove and add the 4 As and CNAME on my DNS. Could it be a glitch that I need to wait out? It has been a couple days of no success though.

[odenipinedo]

I do believe the setup on the DNS side is a bit different in that you need to make sure A records are setup if you are using your top level domain name and not the www CNAME. In the documentation it is referred to as “apex” domain.Managing a custom domain for your GitHub Pages sitedocs.github.com- DanielOn Jan 31, 2023, at 9:09 PM, Cathleen ***@***.***> wrote: Hm, I was hoping this was the solution but the CNAME automatically updated with the changes and still not able to enforce https. I'm very confused. I was able to publish my webpage several times with my custom domain with https. I don't believe any of the configurations are different and I periodically will remove and add the 4 As and CNAME on my DNS. Could it be a glitch that I need to wait out? It has been a couple days of no success though. —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>

[neeteshbhati]

I am facing the same issue.

As mentioned in GitHub Docs and several replies, I have 4 A records and 1 CNAME record. There is no proxy setting equivalent on my registrar. I tried removing the verified domain and re-adding it. The DNS lookup is successful but it cannot generate a TLS certificate. What am I missing here?

CPANEL

DIG

[VanhDaiDeCopyright]

How did you verify the tls certificate?

[bendrice]

Did you happen to ever figure this out?

[neeteshbhati]

Unfortunately no, at least not exactly. I strongly suspect it was due to the "proxy issue" mentioned by some people on this thread. However, I couldn't find any setting on my registrar portal to change it. I was using Domain.com and later migrated to Google Domains now sold to Squarespace and things just worked fine. I suggest double-checking your DNS configuration and using a well-known domain registrar which is known to work with GitHub Pages.

[bendrice]

Thank you!

Do you happen to remember how long it took your domain to register into GitHub? I recently migrated to Squarespace domains (about 2 days ago) and I still get the TLS cert error. Is there any thing in particular you did that is unique to Squarespace that I am missing?

[neeteshbhati]

It took about 24 hours. I don't remember doing anything special for Squarespace. You should ensure that there are 3 different types of records and a total of 6 records for GitHub pages.

4 A records

1 TXT record

1 CNAME record

[maxlath]

I encountered that same error while I was trying to create many Github Pages at once: everything worked for about 50, and then it stopped working with no better error message than this. After trying all the tricks in the book, I gave up on Github Pages, and went on to try to reimplement the desired server on a VPS, running letsencrypt directly... which got me a much better error message: Error creating new order :: too many certificates already issued for "my.domain.exemple". Retry after *timestamp for 1 week from now*: see https://letsencrypt.org/docs/rate-limits/ 🤦

[juliahindle]

If you're using GoDaddy try going to the DNSSEC tab and clicking the button "Turn on DNSSEC." That immediately got rid of the error in github for me.

[jrgn9]

I am using Cloudflare, so I had to turn off DNSSEC and turn off proxy for both A record and CNAME. I also flattened CNAME at apex in DNS settings, but I don't know if that did anything to help. Anyways, it worked