
When GoDaddy's 'Helpful' Parked Records Break SSL: A DNS Cutover Horror Story


Just wrapped up a wild DNS cutover session for majesticmirrorbooth.com that turned into a masterclass in why SSL sometimes just... doesn't work.

The Setup

Everything looked perfect on paper. The Cloudways app was healthy, WordPress had 121 pages ready to go, the custom theme was active, and the DNS A record was pointing to our server at 45.55.153.250. Should've been a 10-minute SSL install and we're done, right?

Wrong.

The Mystery

The SSL API kept returning ok but the certificate never actually changed. I ran it twice thinking maybe I fat-fingered something. Nope - same result. The site was live but throwing scary browser warnings.

This is where things get interesting. When Let's Encrypt tries to verify domain ownership, it makes HTTP requests to your domain. But what if those requests are randomly hitting different servers?

The Villain: GoDaddy's Parked Records

Turns out GoDaddy has this "helpful" feature where they automatically add a parked A record when a domain doesn't have an active host. The problem? This record sits alongside your real A record, so DNS queries randomly return either your server IP or their parking server IP.

Let's Encrypt's validation was basically playing roulette - sometimes it hit our server (validation passes), sometimes it hit GoDaddy's parking page (validation fails). The API would report success on the coin flips that worked, but the cert never actually got issued.

The Fix

Once we nuked the parked A record from GoDaddy's DNS panel, everything cleaned up. I issued an apex-only SSL cert first, confirmed it flipped with openssl s_client, then re-issued with the www subdomain.

Final result: majesticmirrorbooth.com loads clean, www redirects to apex, and the cert covers both.

Lessons Learned

  1. Always check for multiple A records before SSL install - curl -s -H "accept: application/dns-json" "https://cloudflare-dns.com/dns-query?name=domain&type=A" should return exactly ONE IP
  2. Test SSL directly against your server IP with openssl s_client to separate DNS issues from actual cert problems
  3. GoDaddy parked records are the silent killers of SSL installs - check and delete them first
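
A pre-flight version of lesson 1, as an added example (not code from the original post): it parses a Cloudflare DoH JSON answer and passes only when the A record set is exactly the expected server IP. The function names and the parking address 192.0.2.10 are assumptions, and the sample answers are constructed rather than captured.

```python
import json
import urllib.request

DOH = "https://cloudflare-dns.com/dns-query?name={}&type=A"

def fetch_doh(name):
    """Live lookup; the JSON API needs the accept header."""
    req = urllib.request.Request(DOH.format(name),
                                 headers={"accept": "application/dns-json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def check_a_records(answer, expected_ip):
    """Return (ok, reason, ips); ok only if the A set is exactly {expected_ip}."""
    if answer.get("Status", 0) != 0:
        return False, "lookup failed, DNS status %d" % answer["Status"], []
    # Type 1 is A; CNAME entries (type 5) in the chain are skipped.
    ips = sorted({r["data"] for r in answer.get("Answer", []) if r.get("type") == 1})
    if not ips:
        return False, "no A records", ips
    if expected_ip not in ips:
        return False, "expected IP missing, found " + ", ".join(ips), ips
    strays = [ip for ip in ips if ip != expected_ip]
    if strays:
        return False, "stray A records: " + ", ".join(strays), ips
    return True, "single A record matches", ips

# Constructed sample answers (not captured output). 45.55.153.250 is the
# server IP from the post; 192.0.2.10 is a placeholder parking address.
SERVER_IP = "45.55.153.250"
PARKED = {"Status": 0, "Answer": [
    {"name": "example.com", "type": 1, "TTL": 600, "data": "192.0.2.10"},
    {"name": "example.com", "type": 1, "TTL": 600, "data": SERVER_IP}]}
CLEAN = {"Status": 0, "Answer": [
    {"name": "example.com", "type": 1, "TTL": 600, "data": SERVER_IP}]}
NXDOMAIN = {"Status": 3}

if __name__ == "__main__":
    for label, sample in (("parked", PARKED), ("clean", CLEAN), ("nxdomain", NXDOMAIN)):
        ok, reason, _ = check_a_records(sample, SERVER_IP)
        print("%-8s %s  %s" % (label, "PASS" if ok else "FAIL", reason))
```

For a live check, pass the result of fetch_doh("yourdomain.com") to check_a_records and hold the SSL install until it passes.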

Next up: running pre-deploy checks and SEO diagnostics on the new site. But hey, at least the DNS drama is behind us!

Anyone else run into GoDaddy's parking shenanigans? I swear this catches me at least once a quarter.
