An SSL certificate for a domain has failed to generate or renew

Check For Redirects #

This is especially important if you're using a proxy CDN like CloudFlare.

The SSL certificate provisioning process ensures that each and every domain that you have linked to your project is able to respond with a predefined string when requested.

The string for each domain and subdomain is different. This means that if you have a redirect set up in a proxy CDN, redirecting traffic from to, an incorrect verification string will be returned because the wrong domain is being queried!

To prevent this from happening you can add a redirect exception for any URL paths beginning with .well-known.

In CloudFlare this might look like:

Because CloudFlare will only match against one PageRule, the match against .well-known will always take precedence over the redirect to the non-www domain, effectively creating a redirect exception.

(The rule to set the 'Cache Level' to 'Standard' is just to get the PageRule to save, it can be set to anything inconsequential.)

Check for AAAA Records #

If your DNS records contain any AAAA records for the domain being validated, remove them. Servd does not currently support IPv6 addressing for its inbound traffic.