Hi! I’m happily using Netlify, and I’m on the Netlify DNS (I think) with the custom domain option (www.blacktoad.pub).
But, I’m hosting a database on a different server (220.127.116.11), and I’ve installed a REST API on that, accessible via HTTP. (To be exact, PostgreSQL+PostgREST). I now need to add SSL, and in order to do so, I need a hostname.
Thus, I’d like to have a subdomain, api.blacktoad.pub, point to that server. But I’m getting so confused by all the DNS options. Do I have to set this up at Netlify? Or perhaps at Porkbun, where I got my domain?
Any help is greatly appreciated!
Hey @Kit_Zeller, I moved your post over here, as you are actually asking some similar questions to @martin.m.riley. I think we can all figure this out together. Could you start by reading the post I linked above for some background info?
Been a while since I set this all up, never really planned on adding a subdomain, thus I’m a bit hazy on some of the things I did months ago.
But anyway, let’s break the challenge down into smaller bits and factoids:
I’m 99% sure I’m already using Netlify DNS, as in my domain settings tab, there’s a label saying “Netlify DNS”. Also, Porkbun reports I’m using dns1.p08.nsone.net to dns4.p08.nsone.net, which I believe are Netlify nameservers.
Netlify DNS tab reports:
api.blacktoad.pub 3600 IN NETLIFY pedantic-goldwasser-502553.netlify.app
blacktoad.pub 3600 IN NETLIFY pedantic-goldwasser-502553.netlify.com
www.blacktoad.pub 3600 IN NETLIFY pedantic-goldwasser-502553.netlify.com
The api subdomain is the one I freshly created.
Netlify HTTPS tab reports:
Your site has HTTPS enabled
Furthermore, Porkbun reports:
10 443 webmail.porkbun.com
v=spf1 mx ~all
But it also says:
“Your domain is not currently using our default name servers and this functionality requires it. Would you like us to update your domain to use our name servers?”
Now, what I need is:
That api.blacktoad.pub points to a non-netlify server.
That api.blacktoad.pub supports SSL.
A hypothesis I have is that I have to plug in the api subdomain at Porkbun, having it point at the non-netlify server. But is that going to work when the DNS is handled by Netlify?
How do you point a subdomain to a server outside of Netlify?
How do you get SSL working for that server?
For the first question, the answer is that you will create an A or CNAME record with Netlify DNS that points that subdomain to the other server.
A records point to IP addresses. CNAME records point to other domain names. Which to use depends on the other server and how it is configured. The other hosting company should have documentation about the DNS records required.
Once you know the records to create, add them to the Netlify DNS zone.
In other words, you need to tell us what DNS records are needed. We don’t know. Once you tell us what is needed, we can help get the DNS records working at Netlify. The API hosting company should be able to tell you what records are needed.
For the second question, the answer is that you will need to get an SSL certificate on your own. Netlify does not provide SSL certificates for domains not hosted at Netlify. While www.blacktoad.pub and blacktoad.pub are hosted at Netlify, the server for api.blacktoad.pub won’t be.
For that subdomain api.blacktoad.pub you must acquire your own SSL certificate. The SSL certificates provisioned at Netlify cannot be exported from our service.
The two primary solutions that I know of for third-party SSL certificates are:
purchase an SSL certificate from a certificate authority
use Let’s Encrypt’s certbot tool to provision the SSL certificate manually on that server (if you can access a shell on the API server)
If there are other questions, @Kit_Zeller, please let us know.
@martin.m.riley, you seem to be all squared away. Is that correct? If there are any unresolved issues, please reply anytime and we’ll keep working on this.
Wow, that was surprisingly easy and painless! Recap, all I had to do is add an A-record to the Netlify DNS settings, pointing to my IP. On the other server I had to run Certbot, but that was also a breeze.
The only snag was that I had already created a subdomain on Netlify called api, which, after deleting it, wasn’t removed from the Netlify DNS and couldn’t be edited, so I had to use a different subdomain name. Maybe @luke or @perry could look into that, seems this might be a bug on Netlify’s side.
We have more information about the NETLIFY and NETLIFYv6 type DNS records here:
Please read that support guide above for an in-depth explanation of how these records behave with our service. The three key points there are summarized as:
These records are locked by default and can be unlocked by our support team.
These records only connect domain names to IP addresses.
These records do not control which site the domain name is linked to (if any).
You can delete any of those records now. This only affects existing records. If other records cannot be deleted in the future, please let us know and we’ll unlock those as well.
I also want to thank you for taking the time to let us know that you used certbot and how you configured the DNS to make that successful.
While we appreciate the follow-up, it will be particularly helpful for other people searching this community site. Seeing the solution that worked for someone can help other people with similar issues and I’m sure those finding this answer in their searches will appreciate it even more than we do. (This answer of using certbot doesn’t just apply to Netlify DNS either. It works with any DNS service and virtual servers with shell access.)
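A post-setup check for the two steps this thread settles on (an A record for the subdomain, then a certbot certificate on the external server), added here as an example and not posted by anyone in the thread. It confirms that the name resolves to the intended server and that the certificate names the subdomain and is not close to expiry; `api.example.com` and the 14-day threshold are placeholder assumptions.

```python
import socket
import ssl
import time

def resolves_to(host, expected_ip):
    """Live check: does the A record for host return the server's IP?"""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return expected_ip in {info[4][0] for info in infos}

def fetch_cert(host, port=443, timeout=5.0):
    """Live check: handshake with chain and hostname verification enabled."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def san_covers(cert, host):
    """True if a DNS subjectAltName matches host (one-label wildcards allowed)."""
    host = host.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        name = name.lower()
        if kind != "DNS":
            continue
        if name == host:
            return True
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def days_left(cert, now=None):
    """Whole days until notAfter; negative once the certificate has expired."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)

def audit(cert, host, min_days=14, now=None):
    """Return a list of problems; an empty list means the certificate is fine."""
    problems = []
    if not san_covers(cert, host):
        problems.append(f"certificate does not name {host}")
    remaining = days_left(cert, now)
    if remaining < min_days:
        problems.append(f"{remaining} days left; check that certbot renewal runs")
    return problems

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "api.example.com"),),
    "notAfter": "Jun 15 12:00:00 2030 GMT",
}
```

Against a live server, call `resolves_to(host, ip)` first and then `audit(fetch_cert(host), host)`; a handshake error from `fetch_cert` means the chain or hostname did not verify.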