Ssl is applying top level certificate to subdomain

Support
,
1

SSL is not applying to subdomain

Site:

app.cookiecad.com
v2.app.cookiecad.com

Message:

I have set the NS records for app.cookiecad.com to point to netlify. This has then allowed a branch deploy to be linked to v2.app.cookiecad.com. However, the SSL certificate returned is for app.cookiecad.com and is throwing an error in the browser.

How do I get the SSL to update properly for branch subdeploys?

Thanks

2

I’m seeing both app.cookiecad.com and v2.app.cookiecad.com loading securely in the browser. Are you still seeing issues?

3

Hi -

I did the following workaround. I just hope it sticks. I am not sure why I have to do this:

  1. Add the new domain (v1.app.cookiecad.com) as an alias to the main domain.
  2. After a few moments, the SSL is deployed but the domain is pointing to the main branch not the sub-branch
  3. Remove the domain from the list of aliases. It then points back at the branch and the SSL cert loads successfully

I just had to do this again with a second branch (v1 → v1.app.cookiecad.com).

Any idea why I have to do these steps and the SSL is not deployed automatically? The initial behavior is that it uses the app.cookiecad.com certificate, which the browser complains about.

Is my workaround a valid permanent solution?

4

Hi, @napter. That works but there is a faster way. Just click the “Renew certificate” button on the bottom of the site’s domain management page if the SSL does not automatically extend to the new branch subdomain. That would eliminate the steps of removing and adding the domain and replace it with a single button click instead.

Note, one of the requirements for successful SSL provisioning is a successful deploy of the branch before the SSL can be extended. It looks like the first deploy of the branch failed which then prevented the SSL from being provisioned.

So, once a successful branch deploy occurs, clicking that button should be all that is required to extend the SSL.

6

Hi @luke - I just tried that with a new branch, it did not work. Steps:

  • Deployed branch successfully

  • Clicked renew certificate

  • Nothing happens

  • Click add domain and add the domain as an alias

  • Remove domain as an alias

  • This works

7

This is happening because you’re not using Netlify DNS:

cookiecad.com.          172800  IN      NS      ns-15.awsdns-01.com.
cookiecad.com.          172800  IN      NS      ns-1514.awsdns-61.org.
cookiecad.com.          172800  IN      NS      ns-1834.awsdns-37.co.uk.
cookiecad.com.          172800  IN      NS      ns-858.awsdns-43.net.
;; Received 178 bytes from 205.251.192.15#53(ns-15.awsdns-01.com) in 28 ms

You need to use Netlify DNS if you wish to get automated SSL certificates for subdomains, otherwise: [Support Guide] How to use Netlify’s branch deploy feature without Netlify DNS