404 when accessing Netlify site via a CNAME record (DNS not managed by Netlify)

Support
,
1

I have a Netlify site at: https://investindonesia2018.netlify.com which I can open fine.

I have a DNS CNAME record pointing to that site. The CNAME record is https://2018.investindonesia.us. (DNS is not managed by Netlify)

I can confirm with ping that the CNAME record is pointing to the Netlify site:

$ ping 2018.investindonesia.us
PING investindonesia2018.netlify.com (104.248.120.187): 56 data bytes
64 bytes from 104.248.120.187: icmp_seq=0 ttl=57 time=32.081 ms
64 bytes from 104.248.120.187: icmp_seq=1 ttl=57 time=37.841 ms
64 bytes from 104.248.120.187: icmp_seq=2 ttl=57 time=23.941 ms
64 bytes from 104.248.120.187: icmp_seq=3 ttl=57 time=30.563 ms

But when I access it via the CNAME record, it seems like (Netlify) returns 404?

$ curl -v https://2018.investindonesia.us
* Rebuilt URL to: https://2018.investindonesia.us/
*   Trying 104.248.120.187...
* TCP_NODELAY set
* Connected to 2018.investindonesia.us (104.248.120.187) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.investindonesia.us
*  start date: Sep 19 16:02:27 2019 GMT
*  expire date: Dec 18 16:02:27 2019 GMT
*  subjectAltName: host "2018.investindonesia.us" matched cert's "*.investindonesia.us"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fb2c3800800)
> GET / HTTP/2
> Host: 2018.investindonesia.us
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 404
< cache-control: max-age=30, public
< content-length: 9
< content-type: text/html; charset=utf-8
< date: Thu, 31 Oct 2019 17:09:43 GMT
< strict-transport-security: max-age=31536000
< x-content-type-options: nosniff
< x-frame-options: ALLOWALL
< x-request-id: 52bae1c1-21ae-44ce-ad75-8f0c91a33b16
< x-runtime: 0.008440
< age: 0
< server: Netlify
< x-nf-request-id: 4b132918-8edb-4dee-b1a1-5cc4a8b81c07-964359
<
* Connection #0 to host 2018.investindonesia.us left intact
Not Found

Accessing it via the Netlify URL directly is working fine:

$ curl -v https://investindonesia2018.netlify.com
* Rebuilt URL to: https://investindonesia2018.netlify.com/
*   Trying 142.93.122.177...
* TCP_NODELAY set
* Connected to investindonesia2018.netlify.com (142.93.122.177) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=ca; L=San Francisco; O=Netlify, Inc; CN=*.netlify.com
*  start date: Jul  3 00:00:00 2019 GMT
*  expire date: Jul  7 12:00:00 2020 GMT
*  subjectAltName: host "investindonesia2018.netlify.com" matched cert's "*.netlify.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fd0ac80b200)
> GET / HTTP/2
> Host: investindonesia2018.netlify.com
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< cache-control: public, max-age=0, must-revalidate
< content-type: text/html; charset=UTF-8
< date: Fri, 01 Nov 2019 02:30:03 GMT
< etag: "006baee9d0419051a1577ff2bde24a7c-ssl"
< strict-transport-security: max-age=31536000
< age: 0
< server: Netlify
< x-nf-request-id: e37aec7c-baa5-427a-87a7-ed1fc4da767f-1231903

<the rest of the response>

Could someone help me figuring out the issue? Thanks!

2

Sure! We only serve content for hostnames that are configured at Netlify. We don’t have to manage DNS, or buy the domain for you, but the name must be applied to a site, in its domain settings UI. If it isn’t - we don’t know what site to serve! DNS CNAME is the first half, configuring in our UI is the second.

Once it’s applied to the site (here: Netlify App) then it should work in the browser :slight_smile: