Enabling SSL on Subdomains v1


I am having the same issue as Kyle in the topic “Enabling SSL on Subdomains” :grimacing:. However, I am not sure what to do as I am really new to this and just started to do my own DNS setup :scream:. My website is MacSwag.com.au, and the Netlify URL is macswag.netlify.app. I just need my subdomain shop.macswag.com.au to have an SSL certificate just like my main domain, but I don’t know what to do :partying_face: :confounded:. Could I get some help, please? Thanks in advance.

Kind Regards

Hi, @HitPixel. Our service only provisions SSL certificates for sites hosted on our service. I’m showing this domain name is configured to point to an IP address outside of Netlify.

This is fine but you will need to provision your own SSL certificates for third-party systems. Our service doesn’t provide any way to export SSL certificates for use with a third-party system.

One solution for this is to install and run the Let’s Encrypt certbot on the third-party system (provided you have direct access to the system):

You can also purchase SSL certificates from other companies if you prefer.

If there are other questions about this, please let us know.

Hi @luke,

Thanks for the email. I am hosting shop.macswag.com.au at Lightsail (Amazon), however I am unable to get the TXT record to work. Should I add the TXT record to Netlify or to Lightsail? Because when I add it on Lightsail, the TXT doesn’t get recorded or read properly, and when I add it on Netlify it crashed my site, showing site is not found. Please help. Thanks


Need help with subdomain SSL. My main domain is macswag.com.au, however, I can’t get the SSL for shop.macswag.com.au. Please help.

Kind Regards

Hi, @HitPixel. A TXT record cannot affect a deployed site so I’m not sure what happened there.

Again, because shop.macswag.com.au isn’t hosted at Netlify, you are responsible for getting that SSL working. We only provide SSL for sites hosted at Netlify and that one is not.

@HitPixel Not only is shop.macswag.com.au not on Netlify, it is a WordPress site so it couldn’t be on Netlify. You may need to buy a wildcard SSL certificate for macswag.com.au and all subdomains, apply it first via your registrar, then install the certificate at Netlify, your WordPress host, and wherever else you need it.

Hi @gregraven & @luke, I have done the certificate obtained from AWS, however, my site is not visible on my other devices except my MacBook, which I use to build the site. Why is this happening? Everything was working fine before the certificate TXT was added.

I also found out that it is only not working for the https://shop.macswag.com.au, however, it works with the, so I don’t quite understand what I have done wrong. Please check out the images provided below.

Hi there, I think it just needed a little more time:

Seems to be loading perfectly on my end in West Coast USA.

Hi, @HitPixel. You would need to do a traced (recursive) DNS lookup from the device getting the wrong DNS response. However, I don’t know how you might do that on your mobile device.

In most cases I install dig and do a +trace option query for the record behaving strangely.

For example, I would run this:

$ dig +trace shop.macswag.com.au

; <<>> DiG 9.10.6 <<>> +trace shop.macswag.com.au
;; global options: +cmd
.			10381	IN	NS	m.root-servers.net.
.			10381	IN	NS	k.root-servers.net.
.			10381	IN	NS	g.root-servers.net.
.			10381	IN	NS	h.root-servers.net.
.			10381	IN	NS	i.root-servers.net.
.			10381	IN	NS	j.root-servers.net.
.			10381	IN	NS	a.root-servers.net.
.			10381	IN	NS	b.root-servers.net.
.			10381	IN	NS	e.root-servers.net.
.			10381	IN	NS	f.root-servers.net.
.			10381	IN	NS	c.root-servers.net.
.			10381	IN	NS	d.root-servers.net.
.			10381	IN	NS	l.root-servers.net.
.			10381	IN	RRSIG	NS 8 0 518400 20201215220000 20201202210000 26116 . QuSB8wSRWoyXtCRI+uabTH6s4Stpfiv9SAjVEUWzFvPbOtMF36rkHUl+ sCaKjC49qKJzq0nWCqB0yUEr9pKFQy0EtI+8wm6TOQiyCuk+lHWiPu41 Wt8V2id9WP2lhyWzO1OSFVNGSGEbBcZR8UddaJvkalt6HrxvMxnllRfj ykq3KyFpv8TYYswCZQ1iVN27yw1KmCKz4vhWGJRbzP3gDGnKf9Zem5RD 5yfQgCgSQGQC0QzNlzUar/AbUpnawSpP/o2iE119aqPSbhrLXKtoXJVT 2Jz5pv+JeQt0S9/5BHwpObQBYKqW2lzhy4+jEKvYv/I+dyQnAsCTAwXY /ZIm2Q==
;; Received 525 bytes from in 20 ms

au.			172800	IN	NS	m.au.
au.			172800	IN	NS	a.au.
au.			172800	IN	NS	s.au.
au.			172800	IN	NS	c.au.
au.			172800	IN	NS	n.au.
au.			172800	IN	NS	d.au.
au.			172800	IN	NS	r.au.
au.			172800	IN	NS	q.au.
au.			172800	IN	NS	t.au.
au.			86400	IN	DS	18875 8 1 A6362D938429477C0F5E51E1F47A3516B39D281B
au.			86400	IN	DS	18875 8 2 FE773B2F77BB6A6DD31BA27EB19E8F64257937622CAB98F3926EE77F EA2BE79F
au.			86400	IN	DS	43126 8 2 369DA1B3A768FDFD10728830C51B59493C1F74F9CD2254DA63720D52 49B59D4C
au.			86400	IN	RRSIG	DS 8 1 86400 20201216220000 20201203210000 26116 . souitSqHvVXl+LsIosmRWs/lf+YV4twAbfd4klshX1br+kCjh/LmJQFi O8NYORsmWqhfMeathZvVTaH0WgTklFjcWlMocwIl7WteBEYl9Tm08OIS HusPu0nHwcHs5uiXm4yrI67Ty1gXrVr0wmKHUCzASICJ9Zs8LAYmwLVH /hUfPyUDI1pP3/qH5BBZF0KQ9aWq7LpQjI3dsNQZOwS2Ztm4+2MPh7Qf Ndw4TOpw+q7bYkfVh934QivthfzH+XE3AT6ag8KiMrQJwvnfPMJGva69 3WFurQyKtiHlngMHzmVgfOgVu5kt14hBCqPGujlqsb2tSaLzksEu5AwO iIBHFw==
;; Received 1009 bytes from in 98 ms

com.au.			86400	IN	NS	t.au.
com.au.			86400	IN	NS	q.au.
com.au.			86400	IN	NS	r.au.
com.au.			86400	IN	NS	s.au.
com.au.			86400	IN	DS	14185 8 2 9394BEA09F5EBD91384AA5CD0397A6B395FD2B299C7912979243CD68 9BA387DB
com.au.			86400	IN	RRSIG	DS 8 2 86400 20210303222323 20201203220906 6990 au. TPFy5fXZ/csPN2PupblbMKO8SMnWHp4jU9CwMpU8PrXj78PerxGSQL9v l8PXiiYKh1/FbeM+vGfkdeW/FJ/nmDZuxaO+XgBYFQ7l52L952BQVIpn 3L/9nb78NY9kqP2YRWb00nu1rG/QRThaocNNk0uyHKOOUB+U6dfey0gi ll1Vb+/ytgCAxlEQwmK/vZm6pXjZwPGiD9FUB+R87sRwUBTiff5lxpo2 XCI/lWztBw51mYYjQADdREKcAQb5AuN8vE5D9yS1n81CbRJm0tjHPPt/ ppbzeYB0x1pNq05eEk58Ebhj+n+hHpUcXB8YPzke13oqvNuXqKa4e8oP 7PX0Fw==
;; Received 1206 bytes from in 180 ms

macswag.com.au.		900	IN	NS	dns4.p08.nsone.net.
macswag.com.au.		900	IN	NS	dns1.p08.nsone.net.
macswag.com.au.		900	IN	NS	dns3.p08.nsone.net.
macswag.com.au.		900	IN	NS	dns2.p08.nsone.net.
md9i9voubqb55nj87e5v632qbmvr5iou.com.au. 900 IN	NSEC3 1 1 1 D399EAAB MEFD6Q0ERABMQN2RAB50F1HH09I97LQJ  NS SOA RRSIG DNSKEY NSEC3PARAM
md9i9voubqb55nj87e5v632qbmvr5iou.com.au. 900 IN	RRSIG NSEC3 8 3 900 20201225004806 20201203234806 14968 com.au. gDL937eKBAmB3lor5gmOQzxdtAK7RzLnKCsUQJs5gNXIc1OYGZbDWHfc VC+CeLwYW+C/cL/LEPPhn65fgOp2xIiDlyBuuq9AIl/JMn8rpIO2rBY7 7OAMlpHcLEvVEcivD+tyTeQdgZCPQz/r/4ds1j73CP8/hv7A0TqwFoiU ZoA=
k56glqfoe51qqvsra4nofotuu17dleav.com.au. 900 IN	NSEC3 1 1 1 D399EAAB K5OL32SGU16NHHT9OMG30PG71QSC1EM6  NS DS RRSIG
k56glqfoe51qqvsra4nofotuu17dleav.com.au. 900 IN	RRSIG NSEC3 8 3 900 20201222151720 20201201141720 14968 com.au. n5IASE2YaKQUv8TpfFUVrWiWgsg1RszNmElM0pAU2R6BWcto1sqpHKOM jh0ybBM9TnqcEl42WNRC0YiYdYaTQ8keiDxYQ/WKF6Voe39+vjw4t0FY J7Uz7Po1V5e+e/u7l3CLf81KtxQmVwzPP3MMO8uh20i8/42/LpgrY2Tg lQk=
;; Received 636 bytes from in 86 ms

shop.macswag.com.au.	3600	IN	A
;; Received 64 bytes from in 20 ms

You can see in the query above, the correct IP address is returned and the origins for the authoritative records. The query above is correct.

Now we need the same data from the mobile device returning not found. I don’t know how that is done for your particular device though. You will need to find a way to get this data from the mobile device itself.

Once you have that information, please attach it here and I’ll be happy to examine it.
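Added example, not part of the original thread: one way to compare a `dig +trace` capture from a working network with one from the failing network and name the first hop where they disagree. The traces below are constructed and abbreviated, the IP addresses are documentation-range placeholders, and the function names are hypothetical.

```python
import re

RECEIVED = re.compile(r";; Received \d+ bytes from (.*?)\s*in \d+ ms")

def parse_trace(text):
    """Split `dig +trace` output into hops: one dict per ';; Received' line."""
    hops, records = [], []
    for line in map(str.strip, text.splitlines()):
        m = RECEIVED.match(line)
        if m:  # end of one hop; the responder may be missing in pasted output
            hops.append({"server": m.group(1), "records": records})
            records = []
        elif line and not line.startswith(";"):
            parts = line.split(None, 4)  # name ttl class type [rdata]
            if len(parts) >= 4 and parts[2] == "IN":
                rdata = parts[4] if len(parts) > 4 else ""
                records.append((parts[0].lower(), parts[3], rdata))
    return hops

def summarize(hops):
    """Return ({zone: NS set} from referral hops, sorted A/AAAA/CNAME rdata of the last hop)."""
    delegations = {}
    for hop in hops[:-1]:
        for name, rtype, rdata in hop["records"]:
            if rtype == "NS":
                delegations.setdefault(name, set()).add(rdata.lower())
    last = hops[-1]["records"] if hops else []
    return delegations, sorted(r for _, t, r in last if t in ("A", "AAAA", "CNAME"))

def first_divergence(good_text, bad_text):
    """Name the first point where two traces disagree, or None if they match."""
    (g_ns, g_ans), (b_ns, b_ans) = (summarize(parse_trace(t)) for t in (good_text, bad_text))
    for zone, servers in g_ns.items():  # dicts keep insertion order: root first
        if b_ns.get(zone) != servers:
            return ("delegation", zone)
    if g_ans != b_ans:
        return ("answer", b_ans)
    return None

# Constructed, abbreviated traces; addresses are documentation-range placeholders.
HEAD = """\
.                10381  IN NS a.root-servers.net.
;; Received 525 bytes from 192.0.2.53#53(192.0.2.53) in 20 ms
au.              172800 IN NS q.au.
;; Received 1009 bytes from 198.51.100.1#53(a.root-servers.net) in 98 ms
macswag.com.au.  900    IN NS dns1.p08.nsone.net.
;; Received 636 bytes from 198.51.100.2#53(q.au) in 86 ms
"""
TAIL = ";; Received 64 bytes from 198.51.100.3#53(dns1.p08.nsone.net) in 20 ms\n"
WORKING = HEAD + "shop.macswag.com.au. 3600 IN A 203.0.113.10\n" + TAIL
FAILING = HEAD + "shop.macswag.com.au. 3600 IN A 203.0.113.99\n" + TAIL

if __name__ == "__main__":
    print(first_divergence(WORKING, FAILING))
```

If the two traces agree, the difference lies in the recursive resolver the device normally uses (for example a cached answer), because `+trace` follows the delegation chain from the root itself.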

Hi @luke,

Thanks for getting back to me. I am unable to do a complete search like yours above, however both tests I ran on my iPhone show that it is working fine. One really weird issue I am now facing is that the site does not work (the same issue, the not found), however when I use my 4G instead of my home network it works totally fine. Is this issue associated with the DNS, or where can I get more information for this?

Also, sorry for asking this, but are you able to test it on your mobile phone to check if it is working for you on the mobile? Thanks again for the help.

Kind Regards

@HitPixel If it shows up on any device, that indicates that the code and the Netlify network are doing their job, and that the cause is elsewhere, such as local caching, VPN issues, etc.

However, shop.MacSwag.com.au is still not running on Netlify, as the server shows Apache.

Hi, @HitPixel. About this:

Yes, this is a DNS issue and the only place to get this information is the device where the issue is occurring. You must get the recursive DNS lookup details from that device. Without that information I cannot troubleshoot this.

Your mobile device is getting the wrong DNS response but I don’t know why without more information.