ProsBuddy logoProsBuddy
Custom domain support

Custom Domain SSL & DNS Troubleshooting

Seeing ERR_SSL_VERSION_OR_CIPHER_MISMATCH on your domain? It almost always means the SSL certificate hasn't been issued yet — usually because of a DNS misconfiguration. Work through the checklist below.

Open custom domain docsContact support

1. Quick status checks

Run these three checks first — they pinpoint 90% of issues.

Check DNS propagation

Confirm your A records resolve to 185.158.133.1 globally.

Open DNSChecker

Check SSL handshake

Run an SSL Labs test to see what cert (if any) is being served.

Open SSL Labs

Check CAA records

CAA records must allow letsencrypt.org — or be removed entirely.

Open CAA Lookup

2. Required DNS records

These records must exist at your domain registrar. The exact verification token is shown in Project Settings → Domains.

Type
Name
Value
A
@
185.158.133.1
A
www
185.158.133.1
TXT
_lovable
lovable_verify=<token from Project Settings>

Important: remove any existing A, AAAA, or CNAME records on @ and www that point anywhere other than 185.158.133.1.

3. Step-by-step checklist

Work through these in order. Each step takes under a minute.

  1. 1

    Add the domain in Project Settings → Domains

    Add both the root domain (prosbuddy.com) and the www subdomain (www.prosbuddy.com) as separate entries. www is not auto-added.

  2. 2

    Verify A records at your registrar

    Both @ and www should be A records pointing to 185.158.133.1. Remove any old A or AAAA records pointing elsewhere.

  3. 3

    Verify the _lovable TXT record

    The TXT record value must match the lovable_verify=… token shown in Project Settings → Domains exactly.

  4. 4

    Remove conflicting DNS records

    Delete any leftover A, AAAA, or CNAME records on @ and www from a previous host. Conflicting records block SSL provisioning.

  5. 5

    Check CAA records allow Let's Encrypt

    If you have CAA records, they must include letsencrypt.org. If unsure, remove CAA entirely — Let's Encrypt is then permitted by default.

  6. 6

    If using Cloudflare, choose one path

    Either set DNS records to DNS only (grey cloud, not orange), OR re-add the domain in Lovable with the 'Domain uses Cloudflare or a similar proxy' advanced option enabled — that switches to CNAME-based verification.

  7. 7

    Wait for DNS propagation

    Usually under an hour, but can take up to 72 hours. Use DNSChecker to confirm the new records are visible globally.

  8. 8

    Retry provisioning in Lovable

    If the domain status shows Failed, click Retry. If it shows Offline, fix the DNS to match Lovable's records and it will recover automatically.

Using Cloudflare?

Cloudflare's orange-cloud proxy will block SSL provisioning. Either set the records to DNS only (grey cloud), or remove the domain in Lovable and re-add it with the "Domain uses Cloudflare or a similar proxy" advanced option — that switches verification to CNAME-based and works alongside the proxy.

4. Domain status reference

What each status in Project Settings → Domains means and what to do next.

How to retry provisioning

Open Project Settings → Domains. If status is Failed, click Retry. If status is stuck on Verifying, wait for propagation, then refresh the page.

Propagation timing

DNS changes usually take 5–60 minutes to propagate, but can take up to 72 hours worldwide. SSL is issued automatically once verification passes.

Still stuck?

Send us a screenshot of your DNS records and the domain status from Project Settings — we'll reply with the exact fix.

Contact supportinfo@prosbuddy.com