In the process of rolling a new community and I thought I'd take the chance to learn and make a better do of it. Based on @eva2000 fremont thread https://community.centminmod.com/threads/linode-fremont-datacenter-outage.3080/ I figured I'd read up on route 53 and failover. I intrinsically followed the docs and this article: Create a Backup Website Using Route 53 DNS Failover and S3 Website Hosting | AWS Blog I also threw in https, both servers; primary and secondary are running centmin beta with acme for lets encrypt. So the primary is set as www.domain.com and the fail is setup as fail.domain.com << key issue Thus instead of S3 for a static fail host, I've opted for a vultr 512 sandbox. So my actors: domain.com -> alias to s3 static bucket which is a redirect to www.domain.com www.domain.com -> a ptr to primary IP fail.domain.com -> a ptr to backup IP The scenario is primary goes down, within a few minutes I'd like the secondary 'fail' to hold visitors hands. I've got a health check on the primary for https -> Domain Name Registration and Web Hosting | Domain.com, that is associated in the zones. I've got a www.domain.com A -> alias pointing to fail.domain.com Now, this works, except it doesn't. The alias means the backup is trying to serve up fail.domain.com as www.domain.com, QED a certificate error. TBH I'm pretty mashed, coming on 23hours awake today. The query then is, and in part to start a series of conversations, ideal blank sheet stuff. a. What did I miss? b. I'm guessing this just isn't going to work on letsencrypt. No rush I think I'm going to watch the dawn then curl up and hibernate. Cheers.