Cloudflare NS records for the subdomain (subdomain that serves as subdomain for deploy previews) to Netlify name servers. This tutorial Automatic deploy subdomains | Netlify Docs
Netlify admin panel is saying that domain configuration is correct and domain configured properly (I see Netlify DNS notification near this domain)
The HTTPS section says that everything is right as well. I see the correct domain in the certificate section, but a specific deploy preview website is being served with an incorrect SSL certificate (this certificate points only to the *.netlify.app domain).
I don’t use custom certificate, only the default Let’s Encrypt option.
Domain was configured 1 week ago, so TTL shouldn’t be a reason here imo
Original Netlify domain: streamflow-staging-preview.netlify.app
My custom domain that’s delegated to Netlify with NS records is preview-beta.streamflow.finance
This custom subdomain works correctly all the way, branches are deploying, and they have assigned branch URLs, except for the SSL certificate.
Attaching a part of the DNS configuration at Cloudflare that relates to this custom subdomain
The very first SSL checker in Google search (SSL Checker) is saying that we have a name mismatch, so it looks like subjects are different with curl and browsers and web tools?
I see the same error in all my browsers (Google Chrome, Firefox, Safari).
Name mismatch:
Hi, @RomSF. The Automatic deploy subdomains feature only works if you delegate an apex domain or one of its subdomains to Netlify DNS. Quoting that page:
Domain requirements
The custom domain you set as your automatic deploy subdomain must be managed by Netlify DNS and available to your team.
You have not delegated any domains or subdomains to Netlify DNS and that is why this feature is not working.
Since every function works as expected (deploys, associated domains like deploy-preview-XXX.preview-beta…, PR notifications, etc.) I assume that the subdomain’s authority is correctly passed to Netlify.
Is it working differently? Am I missing anything here?
I cannot delegate apex domain tho, because of other things configured there.
That marker indicates that there is a Netlify DNS Zone, however, it doesn’t necessarily mean DNS is configured correctly. For the apex domain the DNS Zone is inactive:
dig streamflow.finance NS +trace | tail -n 6
;; Received 612 bytes from 65.22.21.10#53(v0n1.nic.finance) in 109 ms
streamflow.finance. 86400 IN NS harvey.ns.cloudflare.com.
streamflow.finance. 86400 IN NS may.ns.cloudflare.com.
;; Received 103 bytes from 2803:f800:50::6ca2:c398#53(harvey.ns.cloudflare.com) in 43 ms
With the cloudflare.com name servers configured instead of the Netlify name servers mentioned here: Netlify App
For preview-beta.streamflow.finance I’m seeing mixed results, however, the received is coming from Cloudflare:
dig preview-beta.streamflow.finance NS +trace | tail -n 6
preview-beta.streamflow.finance. 300 IN NS dns4.p08.nsone.net.
;; Received 149 bytes from 172.64.32.135#53(may.ns.cloudflare.com) in 31 ms
This Support Guide explains what an inactive DNS Zone is and how to fix it:
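Added example, not part of the thread and not Netlify's tooling: a small shell helper that reads `dig <name> NS +trace` output and reports which name servers the name is delegated to and which server supplied those NS records. The function name `ns_delegation` is hypothetical, the default `.nsone.net.` suffix is an assumption taken from the NS target shown in the thread, and the sample input is the dig lines quoted above.

```shell
#!/bin/sh
# ns_delegation (hypothetical helper): read `dig <name> NS +trace` output on
# stdin and report where <name> is delegated.
#   $1 = name to check, $2 = expected name-server suffix (assumed default:
#        .nsone.net., the suffix of the NS target shown in the thread)
# Prints: <verdict> <matching>/<total> <server that supplied the NS records>
ns_delegation() {
    awk -v zone="$1." -v want="${2:-.nsone.net.}" '
        # NS record owned by exactly the queried name
        tolower($1) == tolower(zone) && $3 == "IN" && $4 == "NS" {
            n++
            t = tolower($5)
            # Suffix match on a label boundary (want starts with a dot)
            if (substr(t, length(t) - length(want) + 1) == want) m++
        }
        # A ";; Received" line closes one trace step; keep the last step
        # that carried NS records for the zone, and who sent it.
        /^;; Received/ {
            if (n > 0) { total = n; hits = m; src = $6 }
            n = 0; m = 0
        }
        END {
            # Input cut off before any ";; Received" line: still count records
            if (n > 0 && total == 0) { total = n; hits = m }
            if (total == 0)         verdict = "no-delegation"
            else if (hits == total) verdict = "delegated"
            else if (hits == 0)     verdict = "elsewhere"
            else                    verdict = "mixed"
            sub(/^.*\(/, "", src); sub(/\).*$/, "", src)
            if (src == "") src = "-"
            printf "%s %d/%d %s\n", verdict, hits, total, src
        }'
}

# Sample input: dig lines quoted in the thread above.
APEX_TRACE=';; Received 612 bytes from 65.22.21.10#53(v0n1.nic.finance) in 109 ms
streamflow.finance. 86400 IN NS harvey.ns.cloudflare.com.
streamflow.finance. 86400 IN NS may.ns.cloudflare.com.
;; Received 103 bytes from 2803:f800:50::6ca2:c398#53(harvey.ns.cloudflare.com) in 43 ms'
SUB_TRACE='preview-beta.streamflow.finance. 300 IN NS dns4.p08.nsone.net.
;; Received 149 bytes from 172.64.32.135#53(may.ns.cloudflare.com) in 31 ms'

printf '%s\n' "$APEX_TRACE" | ns_delegation streamflow.finance
printf '%s\n' "$SUB_TRACE"  | ns_delegation preview-beta.streamflow.finance
# Live use: dig NAME NS +trace | ns_delegation NAME
```

A `mixed` verdict means the last trace step returned NS targets both inside and outside the expected suffix, which is worth resolving before debugging certificate issuance.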