Home
Support Forums

Branch subdomains, enable SSL

Hello Netlify team!

We are following guide how to setup branch subdomains. [Support Guide] How to use Netlify’s branch deploy feature without Netlify DNS

Our point 3 is:

nslookup netlify-staging-direct.3ctechnologies.link
Server:		192.0.2.2
Address:	192.0.2.2#53

Non-authoritative answer:
netlify-staging-direct.3ctechnologies.link	canonical name = staging.*-website.netlify.app.
Name:	staging.*-website.netlify.app
Address: 167.99.246.105
Name:	staging.*-website.netlify.app
Address: 3.67.153.12

We are on point 4 to contact support to enable SSL
Please help us to proceed

Hi @alisakova,

Which site is this? I’m not able to find any website with 3ctechnologies.link domain.

UPDATE: Sorry, I found the site, but looks like the DNS is not correctly configured?

@hrishikesh hi!

nslookup  netlify-staging-direct.3ctechnologies.link 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53
Non-authoritative answer:
netlify-staging-direct.3ctechnologies.link	canonical name = staging.*-website.netlify.app.
Name:	staging.*-website.netlify.app
Address: 206.189.50.60
Name:	staging.*-website.netlify.app
Address: 206.189.52.23

CNAME works and redirects to correct netlify.app

Hi @alisakova,

I’m talking about these:

Till the time they’re not correctly configured, the SSL provisioning will not work.

@hrishikesh We are not using Netlify DNS that is why it shows warning. Can you specify the problem?

That warning means that the custom domain is not configured correctly - it has nothing to do with our DNS hosting.

However, let’s take a step back, since you are missing many prerequisites for this to work.

  1. branch subdomains apply ONLY to the primary custom domain, which is “netlify-frontend.3ctechnologies.link”. So your branch subdomain would be in the format “branchname.netlify-frontend.3ctechnologies.link”. If you don’t want that, change the primary custom domain to the appropriate hostname, like this:

  2. you need to deploy the branch in question successfully on the site. As far as I can tell you have never deployed a branch called “netlify-staging-direct”, which you’d have to, if you want to use this feature. If your branch has a different name, so must your DNS record (not in the target of the CNAME - in the hostname - so perhaps you mean “staging.netlify-frontend.3ctechnologies.link” ?

  3. the primary custom domain - whichever you choose - needs to be correctly served by us. Neither of your hostnames are configured correctly right now, so we cannot get the certificate to cover the primary domain, which is a prerequisite for this feature. Right now, Cloudflare is serving at least 3ctechnologies.link:

% host 3ctechnologies.link
3ctechnologies.link has address 104.18.28.177
3ctechnologies.link has address 104.18.29.177
3ctechnologies.link has IPv6 address 2606:4700::6812:1cb1
3ctechnologies.link has IPv6 address 2606:4700::6812:1db1

This article explains the many downsides to that config, including our inability to provision SSL certificates for it:

So, fix up your config, let us know, and then we can set things up on our side for branch subdomain SSL. Until you repair all 3 of the above things, we will not be able to.

We made some changes. Configured two records according to instructions. Cloudflare for secondary domain is bypassed, for first level is needed as we share path with other apps. Can you explicitly define that Netlify subdomain trick will not work for primary domains server with CloudFlare?

SECONDARY SUBDOMAIN:
nslookup staging.netlify-frontend.3ctechnologies.link 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
staging.netlify-frontend.3ctechnologies.link	canonical name = 3com***-website.netlify.app.
Name:	3com***-website.netlify.app
Address: 3.125.252.47
Name:	3com***-website.netlify.app
Address: 3.64.200.242

PRIMARY DOMAIN:
nslookup netlify-frontend.3ctechnologies.link 8.8.8.8
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
netlify-frontend.3ctechnologies.link	canonical name = 3com***-website.netlify.app.
Name:	3com***-website.netlify.app
Address: 3.125.252.47
Name:	3com***-website.netlify.app
Address: 159.65.118.56

Could you evaluate subdomain access once more.

Thank you for enabling SSL/TLS certificate
Unfortunately https://staging.netlify-frontend.3ctechnologies.link/ still getting getting NET::ERR_CERT_COMMON_NAME_INVALID as certificate issued for *.netlify.app only

Hi, @alisakova. There is a manual process our support team must follow before the branch subdomain will have working SSL. I’ve made that change now and the SSL is working when I test.

If you add other branch subdomains in the future, the Netlify support team will need to manually update the SSL again so please reply here in the future (or make a new topic if you prefer - either will work).

If the SSL for https://staging.netlify-frontend.3ctechnologies.link/ still doesn’t work when you test, please let us know.

1 Like

Thank you very much! Everything is fine :slight_smile: