SSL of a subdomain

I am sure I did something wrong.

I created a CNAME that looks like this is my DO droplet.

http works fine, but https does not. Any advice?


You’re telling DNS that it is a CNAME, but you’re pointing it towards an A record instead (IPv4). Change the record from CNAME to A.

Netlify will not handle the SSL certificate for your subdomain that is hosted on DigitalOcean, you need to deploy a SSL certificate on the droplet itself for the subdomain in question; perhaps with Certbot and Lets Encrypt?


Oh ok. that makes sense.

Certbot is deprecated now in new ubuntu. Lets Encrypt is what i’ll use. Although, I do have like 6 extra certs in my namecheap account.

So I did setup it up as an A record. But it never resolved. Moved it to CNAME, and resolved fine.

Certbot is just a tool on top of Let’s Encrypt, in the end it’s still a Let’s Encrypt certificate you’re getting. I suggested Certbot, as it’s my preference, but what you prefer to deploy the Let’s Encrypt certificate, is entirely up to you :slight_smile:

Entering an IPv4 as a CNAME is technically never valid, I’m kind of surprised that Netlify let’s you do this at all, either they don’t validate the input or they have done some “magic” behind the scenes to dummy things down. I would consider it a bug, but Netlify might see it as a feature. Take a look at

I’m baffled by the fact that an A record doesn’t work, while CNAME, that shouldn’t work, does work. But I can’t help you troubleshoot as long as it’s pointing towards the CNAME, it’s working on my end as well, hard to debug something that’s working :wink:

Oh, I forgot to post back. I changed out the CNAME back to an A.

I think it was this. The A record propagated, after I deleted it and made it CNAME. Making me think that the CNAME worked lol!

It’s all good now. SSL going strong.

1 Like

So glad it is working for you, @Alan_Spurlock. Thanks for sharing your thoughts here, @freddy :slight_smile: