Apex domain isn't redirecting to www domain. Instead, browser displays security risk notice

https://glance.digital is not redirecting to https://www.glance.digital. Instead, viewers are getting a “warning: potential security risk ahead” message in their browser.

Hey @Lance,

This article (section ‘A records, Outages and DDoS Attacks’) suggests that you ensure that a CNAME record is configured for the canonical site URL.

On the other hand, it may be the case that you have a similar issue to this and, as such, one of the Netlify support engineers may need to sort the cert out.

Thanks for the response @Pie. My domain is managed by Netlify, so I believe that I need support from a Netlify support engineer. Do you know how I get support from them? When I tried, I got the message that free accounts need to get support via the community forums. Do I need to sign up for a paid plan, to get help with this?

Hey @Lance,

It looks like it’s propagated and, as such, both URLs are working as anticipated for me. Can you confirm that this is the case for you at your end?

Hi @Pie, thanks for following up. Yes, I upgraded to a paid plan and got some email support :wink:

Here is the explanation and fix, in case this helps anyone else:

I just got that fixed for you.

The issue was that your bare domain was not covered by your SSL certificate. Generally, the reason we are unable to provision a complete SSL certificate for your custom domain is that the DNS cache time to live (TTL) value for a record has not had time to expire (from your old settings) before you tried to use it with Netlify. Our SSL provider (https://letsencrypt.org) is unable to create certificates for names that have old cached values still in effect.

Depending on how you configure your domain, we may only attempt to fetch the certificate once - when you update your settings with the new domain name. Usually, if it is your first hostname on a site, we’ll try several times until we succeed.

If that process generates a partial certificate, there is usually a button in our UI to renew the certificate which would try to add all appropriate names.

The additional delay between your attempt and mine seems to have been enough to allow things to work right when I attempted to re-issue the certificate.

1 Like