Sub domain SSL Request

Please can I have a SSL certificate to include the new branch sub-domain:

This is as per the article:

Hi, @sol3uk. Before I can proceed, the inactive DNS zone here must be deleted:

There is more about why this is required here:

Please let us know when the DNS zone is deleted (or activated) and we can proceed with activating SSL for the branch subdomain.

I’m not sure which one was causing an issue but I think I have deleted this?
I deleted the “” one?

@luke :slight_smile:

Hey there, @sol3uk ! :wave:

We have extended an SSL certificate. You should be good to go now! Please reply to this thread if you have any additional questions related to this.


Hi, @sol3uk. You still have an inactive DNS zone and this will break any SSL certificate renewals.

The DNS zone is here:

However, you are not using Netlify DNS for this domain:

$ whois | grep -i 'name server'

Also, the external DNS configuration is also wrong:   		3600	IN	A		3600	IN	CNAME

This should actually be this:   		3600	IN	A		3600	IN	CNAME

Also, because the apex is using the A record, the www subdomain should be made primary here:

At this time the apex is primary and this means your site uses a single IP address instead of using our ADN nodes around the world for fastest performance.

If there are other questions, please let us know.


Hi @luke,
Thanks for the info. I’m still a little confused what you mean by inactive DNS zone, I’ve tried to read up on this but finding it a bit tricky.
Are you referring to one of these DNS records?

Which one would I need to delete? Do I need to delete both?

Thanks so much for your help with the external DNS as well, much appreciated! :grinning_face_with_smiling_eyes:
I would really love to take advantage of your ADN nodes for better performance but I’m not sure how I’d go about this, I assume I would need to fully switch over my DNS records and do the steps in this guide? Delegate your domain to Netlify | Netlify Docs

Would you personally know of any good resources for learning more about DNS records and network setup? I would love to get more acquainted but all the resources I’ve found so far look pretty ancient :sob:

Thanks in advance!

Hi, @sol3uk. The support guide linked to above explains this in more detail.

To summarize, to delete the inactive zone (one of the two possible solutions), you click the “Delete DNS zone” button found on the page below:

Regarding DNS related instructional material, the book below is one of my favorites:

TCP/IP Clearly Explained

Chapters 7 and 8 (named “Meet Joe’s Packets” and “The Domain Name System”) are incredible in their in-depth examination of exactly how HTTP and DNS function. I cannot recommend that book, and those two chapters in particular, highly enough. (If reading 7 and 8, you should probably read the chapters before them as well but they can be read as stand-alone chapters.)

If you want to use the full ADN with the external DNS instructions the steps required follow. Note, this is all done with the DNS for your registrar and assumes you have deleted the Netlify DNS zone.

1. Delete this CNAME:		3600	IN	CNAME

2. Add this CNAME record:		3600	IN	CNAME

3. Move to the “primary custom domain” here:

The screenshot below is to clarify:

This will make www the primary custom domain and move traffic off of and on to the many CDN nodes around the world (with site visitors automatically being routed to their closest ADN node).


Thank you so much for your help! I think I’ve got this all set up correctly now?

I will definitely look into your recommendation, I can’t thank you enough @luke!! :smiley:

P.S. This was one of the best support experiences ever!


Hi, @sol3uk. Thank you for the kind words and I’m glad it was helpful! :+1:

Yes, DNS is perfect now:

Name server records (type = NS):		3599	IN	NS		3599	IN	NS

Records for the apex domain:		3599	IN	A

Records for www subdomain:		3599	IN	CNAME	19	IN	A	19	IN	A

You can see all different IP addresses returned around the world with this check (it does DNS lookups from different locations as a test):

Note, if you check with the apex, it is always the same IP address (much different than the www subdomain):

This is why we don’t recommend making the apex primary. Making www primary is what enabled the full ADN to be used. Making the www primary will now serve the site from different IP addresses around the world (the IP addresses for the nearest ADN node).

To summarize: SUCCESS!!!

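The three conditions checked by hand in this thread (an inactive DNS zone, the `www` record type, and which name is primary) can be audited from dig-style records. The following is an added example, not part of the thread and not Netlify's code. It assumes a zone counts as "inactive" when it exists at the host while the domain's NS records point elsewhere; `example.com`, the `*.example` names, the IP addresses and the `host_ns_suffix` parameter are constructed placeholders.

```python
# Added example: constructed data only. example.com, the RFC 5737 addresses and
# every *.example name are placeholders, not values from the thread.
SAMPLE = """\
example.com.               3599 IN NS    ns1.registrar.example.
example.com.               3599 IN NS    ns2.registrar.example.
example.com.               3599 IN A     192.0.2.10
www.example.com.           3599 IN CNAME example-site.host.example.
example-site.host.example. 19   IN A     198.51.100.7
example-site.host.example. 19   IN A     203.0.113.9
"""

def parse_records(text):
    """Parse 'name ttl IN type value' lines (dig answer format) into tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0].startswith(";") or parts[2].upper() != "IN":
            continue  # skip blanks, dig comments and malformed lines
        name, rtype, value = parts[0], parts[3], " ".join(parts[4:])
        records.append((name.rstrip(".").lower(), rtype.upper(),
                        value.rstrip(".").lower()))
    return records

def audit(text, apex, host_ns_suffix, zone_exists_at_host, primary):
    """Return findings for the three problems raised in the thread."""
    recs = parse_records(text)
    www = "www." + apex
    types = lambda name: {t for n, t, _ in recs if n == name}
    findings = []
    # Assumption: a zone is "inactive" when it exists at the host but the
    # domain's NS records point somewhere else (here, the registrar).
    ns = [v for n, t, v in recs if n == apex and t == "NS"]
    delegated = bool(ns) and all(v.endswith(host_ns_suffix) for v in ns)
    if zone_exists_at_host and not delegated:
        findings.append("inactive-zone")
    # www should be a CNAME so the host can answer with nearby nodes.
    if "CNAME" not in types(www):
        findings.append("www-not-cname")
    # An apex served by a fixed A record pins visitors to a single IP.
    if primary == apex and "A" in types(apex):
        findings.append("apex-primary-single-ip")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "example.com", ".dns.host.example", True, "example.com"))
    print(audit(SAMPLE, "example.com", ".dns.host.example", False, "www.example.com"))
```

The first call models the state at the start of the thread (zone still present at the host, apex primary); the second models the final state after the zone is deleted and `www` is made primary.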