Security Issue with Domain Alias

simonhrogers · November 13, 2019, 2:17pm

Hi there,

I get a security warning on my project when visiting it at the following URL:

This is setup as a domain alias in the Netlify panel and the DNS is changed correctly.

Thanks,

Simon

futuregerald · November 14, 2019, 10:04pm

Hi @simonhrogers, your domain alias wasn’t included in your TLS certificate. We attempt to get new certs when you add aliases but if the DNS wasn’t setup properly or TTL on the old records hadn’t expired yet, we can’t always get it on the first try. I went ahead and got you a new cert now that covers your primary domain as well as your alias. Let us know if you have any other questions.

RJGrunau · February 14, 2020, 11:07pm

I am having a similar problem with an alias domain. https://www.straighteightfilms.com. It looks like it is included in the cert, but returns a insecure warning for my client (and anyone else who goes to the site) though not for me when I visit the site.

fool · February 17, 2020, 11:35pm

Hmm, don’t see any reason that might happen on your site, @RJGrunau - does it persist?

I just checked every CDN node and all seem to have a good certificate for both https://www.straighteightfilms.com and https://straighteightfilms.com

If it doesn’t, it is likely that DNS changes were still propagating as Gerald described to the original poster. If it does, something you might ask them is to check the output of:

nslookup www.straighteightfilms.com and nslookup straighteightfilms.com at a command prompt, and let us know what they found - which will help us determine if there is some local DNS misconfiguration on their network.

RJGrunau · February 18, 2020, 7:28pm

Great. Thank you. I think things are working now, I actually went in and removed the domain and readded it making sure to make different aliases for www. and .str…

One last quick Q can I set up MX records for alias domains, or do I need to do a separate build with and set up the MX records there?

fool · February 18, 2020, 8:28pm

You can configure any records you like for any domains we host DNS for; we only automatically make the records for your site(s). Start from your team’s domains tab and configure each as desired:

AFAICT we only host the str8.cc domain so that’s the only one you’d be able to configure here, vs at your DNS provider for any other domain(s).