Site name: https
docs.armory.io is the primary domain, using Netlify DNS.
branch subdomain https
v2-0-to-2-19.docs.armory.io - cert error
Image 2020-06-22 at 11.38.23
Your site has HTTPS enabled
Domains: www.armory.io, *.armory.io, armory.io
Since our docs site is live, I don’t want to click
Update custom certificate or Use Let’s Encrypt certificate without understanding what’s causing the subdcomain cert error.
How do I resolve the subcomain cert error? We will be creating a new subdomain every time we version our documentation (2-3 times/year).
@aimeeu, the SSL certificate used doesn’t cover
The covered domains are:
Note, the wildcard domain (
*.armory.io) only covers that one level of subdomain (one level only under
armory.io. It will cover all of the following:
However, it will not cover any of the following:
You would need to have an SSL certificate which also includes
*.docs.armory.io to cover subdomains under
If there are other questions about this, please let us know.
Thanks for the reply! I inherited this Netlify account so I’m not familiar with how the original was set up.
docs.armoy.io uses Netlify. The Armory engineers configured
docs.armory.io to use Netlify’s domain servers, so that’s why the Domain Management UI states that
docs.armory.io uses Netlify DNS, right?
How do I configure
docs.armory.io to be the only top-level domain, so that Netlify automatically creates a cert for
docs.armory.io and all subdomains of
docs.armory.io that I create using the Branch Subdomain functionality? I’d like for Netlify to manage the site certs; I don’t want to use an external certificate authority.
I also need to:
www.armory.io Netlify site
armory.io domains - will this delete the associated custom certificate?
No, someone misconfigured our system to look like that though! Our DNS hosting is not in use for that domain (it is NOT delegated to us:
$ host -t soa docs.armory.io
docs.armory.io has no SOA record
…so you should remove it so our system works correctly. You can do that here:
Incorrect configuration of our DNS hosting when not used causes incorrect behavior with SSL such as what you’re seeing.
Once you do that, let me know and I can try to update the SSL certificate to include your preferred list of branch subdomains, assuming you have DNS setup (at AWS!) as mentioned in this article:
Last checked by Netlify Support Team on Oct 20, 2022
So - you’ve discovered the concept of
branch subdomains and want to use them! But you can’t use Netlify’s DNS Hosting? Never fear, there is a way to do this and this post will explain how in detail!
Please note, however, that going this route means missing out on single click setup and all the goodness it includes - for example, getting an SSL certificate configured automatically. If you are okay with this downside, or simply cannot use Nel…
You’ll need to ping us with the list after it is configured, and we’ll be able to help get it in place for you in the cert.
@fool Thanks for the detailed response!
At Armory we use Terraform to manage our DNS records. I verified that the
docs.armory.io DNS entry is type “NS” and is indeed delegating to Netlify’s nameservers and thus using Netlify DNS.
Steps I took to resolve the subdomain SSL cert error:
armory.io site that is no longer used; now there is only the
docs.armory.io (armory-docs.netlify.app) site
Switched to the “Let’s Encrypt” certificate
Created a new “archive” branch and configured Netlify to deploy it
Created a new subdomain for the archive branch
Verified that the HTTPS certificate section contained both