Domain alias not appearing in SSL cert list

I’ve got two domain aliases but only one is showing up in the list of domains for the cert.

kind-booth-f1f950.netlify.app (Default subdomain)
1dollar1love.org (Primary domain)
www.1dollar1love.org (Redirects automatically to primary domain)
1dollar1love.com (Domain alias)
www.1dollar1love.com (Domain alias)

SSL/TLS certificate
Your site has HTTPS enabled
Certificate: Let’s Encrypt
Domains: 1dollar1loveDOTorg, www.1dollar1loveDOTcom, www.1dollar1loveDOTorg
Created: Yesterday at 3:55 PM
Updated: Today at 12:42 PM

hi there, maybe i am misunderstanding, but i see the same site load regardless of .com or .org domain name ending. are you seeing what you expect to see?

The issue is just with the .com URL with no www.

You get the “Your connection is not private” screen. You can see that, for whatever reason, just that domain is not getting added to the list of domains under “SSL/TLS certificate”.

thanks for clarifying, i get it now. I’ll have to wait for someone to chime in who can fix your cert.

Just wanted to check in on this to see if anyone has any ideas as to what’s going on here. Thanks.

Hi, @mikeriley131.

We cannot update the SSL certificate to include 1dollar1love.com at this time because of conflicting DNS records.

There are two records found when I do the lookup:

1dollar1love.com.	600	IN	A	184.168.131.241
1dollar1love.com.	600	IN	A	104.198.14.52

The first record pointing to 184.168.131.241 is the issue. This is for an IP address which isn’t at Netlify.

Please delete that record, wait for it to time out (so wait ten minutes), and then click the “Renew certificate” button for the SSL certificate in our web app for this site.

This should resolve the issue. If it does not resolve it or if there are any questions, please let us know.

Hi Luke. So I tried doing the same thing with onedollaronelove.com, this time ensuring there is only one A record, pointing to 104.198.14.52, and again, I get onedollaronelove.com listed with the domains for my TLS cert, but not www.onedollaronelove.com. Any idea what’s up this time? In my DNS settings, the CNAME for www is set to @.

Disregard last message as this seems to be working correctly now.

Hi, @mikeriley131, while it is technically working now, the current configuration isn’t recommended. This is because you are directing all site traffic to a single CDN node, the one using the IP address 104.198.14.52.

The “@” in the DNS record for www is an alias for “this apex/bare/root domain” (which is 1dollar1love.com in this case).

Checking the DNS records, we do see that the “www” subdomain does point to the apex domain:

www.1dollar1love.com.	3599	IN	CNAME	1dollar1love.com.
1dollar1love.com.	3599	IN	A	104.198.14.52

This means the only IP address which will ever be used for this site is for a CDN node close to San Francisco. This is fine if all of your site visitors are in the western U.S.A. Your site isn’t using our full CDN with the current DNS configuration.

Even if all your site visitors are on the west coast, we have more than one CDN node near San Francisco. Your site could be using multiple servers but, instead, it only uses one. And we never intend for 104.198.14.52 to be the primary server for a site. It just isn’t how Netlify is designed to be used.

Our recommended configuration is found here:

These would be the correct DNS records:

www.1dollar1love.com.	3599	IN	CNAME	kind-booth-f1f950.netlify.app.
1dollar1love.com.	3599	IN	A	104.198.14.52

The second part of the solution here will be to make www.1dollar1love.com the primary domain for this site. This is what then enables multiple CDN nodes to be used. Right now, www is a 301 to the apex domain. This should be changed so that the apex is a 301 redirecting to the www subdomain.

We also cover the reasons for this here:

If you look up the IP address for that domain (kind-booth-f1f950.netlify.app), you will see that many different IP addresses are returned. Here is an example of me testing locally:

$ dig kind-booth-f1f950.netlify.app  +short
138.68.244.143
$ dig kind-booth-f1f950.netlify.app  +short
104.248.78.24
$ dig kind-booth-f1f950.netlify.app  +short
167.172.221.254

Three lookups. Three different IP addresses. If you make www a CNAME pointing to kind-booth-f1f950.netlify.app your site will be using the full CDN.

To summarize, you can keep the current configuration if you want. It is working but not ideally or how Netlify is intended to work.

If you don’t make changes though, you won’t be using our CDN (only a single node) and this is neither a recommended nor a supported configuration. We do recommend changing the DNS records and primary domain to match the instructions in our documentation.

If there are any questions about this, please let us know.
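An added check, not code from the thread or from Netlify, that applies the two diagnoses above to a dig-style record set: a non-Netlify A record on the apex (which blocked certificate issuance) and a www CNAME that aliases the apex (which pins all traffic to the single load-balancer IP). The three record sets are constructed from the values quoted in the thread.

```python
# Added example (not from the thread): checks a dig-style record set for the two
# problems Luke describes: a non-Netlify A record on the apex (blocks cert issuance)
# and a www CNAME that pins traffic to the single load-balancer IP.
NETLIFY_LB_IP = "104.198.14.52"  # load-balancer IP quoted in the thread

def parse_zone(text):
    """Parse 'name TTL IN TYPE value' lines (dig output) into (name, type, value)."""
    records = []
    for line in text.strip().splitlines():
        name, _ttl, _cls, rtype, value = line.split()
        records.append((name, rtype, value))
    return records

def check_site_dns(records, apex):
    """Return findings for a Netlify site served from apex and www.<apex>."""
    findings = []
    www = "www." + apex
    apex_a = [v for n, t, v in records if n == apex and t == "A"]
    foreign = [ip for ip in apex_a if ip != NETLIFY_LB_IP]
    if foreign:
        findings.append(f"conflicting A record on {apex}: {', '.join(foreign)}")
    www_cname = [v for n, t, v in records if n == www and t == "CNAME"]
    if not www_cname:
        findings.append(f"no CNAME for {www}")
    elif www_cname[0] == apex:
        findings.append(f"{www} aliases the apex: all traffic hits the single node {NETLIFY_LB_IP}")
    elif not www_cname[0].endswith(".netlify.app."):
        findings.append(f"{www} CNAME target {www_cname[0]} is not a netlify.app name")
    return findings

APEX = "1dollar1love.com."
# Constructed record sets mirroring the three states described in the thread.
CONFLICTING = """
1dollar1love.com.      600   IN  A      184.168.131.241
1dollar1love.com.      600   IN  A      104.198.14.52
www.1dollar1love.com.  3599  IN  CNAME  1dollar1love.com.
"""
SINGLE_NODE = """
www.1dollar1love.com.  3599  IN  CNAME  1dollar1love.com.
1dollar1love.com.      3599  IN  A      104.198.14.52
"""
RECOMMENDED = """
www.1dollar1love.com.  3599  IN  CNAME  kind-booth-f1f950.netlify.app.
1dollar1love.com.      3599  IN  A      104.198.14.52
"""

if __name__ == "__main__":
    for label, zone in (("conflicting", CONFLICTING), ("single-node", SINGLE_NODE), ("recommended", RECOMMENDED)):
        print(label, check_site_dns(parse_zone(zone), APEX) or ["ok"])
```

Only the recommended set comes back clean; to check a live zone, paste the output of `dig <name> A` and `dig www.<name> CNAME` in place of the constructed strings.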

Thank you for the thorough response, Luke. I will make those suggested changes.
