Failed to generate a cert due to DNS Challenge fail?

*.tinyclient.app
Failed to Generate Cert
Learn more
Production
We could not generate a cert for tinyclient.app because the required dns-01 challenge failed.

It says dns-01 Challenge failed. How do I fix this? It seems to have happened a few times, and manually cleared by staff each time. What’s up with this?

Got the platforms starter kit, and tried adding *.mydomain.app as a domain, so it can tell me what DNS records to add on Porkbun, but it says it fails the challenge.

Vercel Platforms Starter Kit

Hi @subash-chandra, welcome to the Vercel Community!

Sorry that you are facing this issue. Have you tried removing the domain configuration and adding it again?

It usually happens when the DNS propagation isn’t finished at the time of cert generation. Can you retry?

I’ve retried like 4-5x.

Checking forum history for this same issue, it seems that Vercel Staff have manually cleared the failed cert each time, in the past.

Is it possible to clear this from your side?

Hi @subash-chandra, I see you are using a wildcard domain but not using Vercel Nameservers, right?

As per our domain docs:

If using your custom domain as a wildcard domain, you must use the nameservers method for verification.

I have added NS records * for ns1 and ns2.vercel-dns.com

It’s been like this for over 96 hours.

Cloudflare says “*.tinyclient.app is managed by ns1.vercel-dns.com.”

Please check on your end. I have searched this issue on the forums, and every time, it has been manually cleared by Vercel staff.

Hi @subash-chandra, I see the DNS propagation for NS records has finished now. So, I’ve manually issued the cert now.

If you face this issue again. You first have to ensure the proper DNS records are in place and propagated.