404 when accessing Netlify site via a CNAME record (DNS not managed by Netlify)

I have a Netlify site at: https://investindonesia2018.netlify.com which I can open fine.

I have a DNS CNAME record pointing to that site. The CNAME record is https://2018.investindonesia.us. (DNS is not managed by Netlify)

I can confirm with ping that the CNAME record is pointing to the Netlify site:

$ ping 2018.investindonesia.us
PING investindonesia2018.netlify.com (104.248.120.187): 56 data bytes
64 bytes from 104.248.120.187: icmp_seq=0 ttl=57 time=32.081 ms
64 bytes from 104.248.120.187: icmp_seq=1 ttl=57 time=37.841 ms
64 bytes from 104.248.120.187: icmp_seq=2 ttl=57 time=23.941 ms
64 bytes from 104.248.120.187: icmp_seq=3 ttl=57 time=30.563 ms

But when I access it via the CNAME record, it seems like (Netlify) returns 404?

$ curl -v https://2018.investindonesia.us
* Rebuilt URL to: https://2018.investindonesia.us/
*   Trying 104.248.120.187...
* TCP_NODELAY set
* Connected to 2018.investindonesia.us (104.248.120.187) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.investindonesia.us
*  start date: Sep 19 16:02:27 2019 GMT
*  expire date: Dec 18 16:02:27 2019 GMT
*  subjectAltName: host "2018.investindonesia.us" matched cert's "*.investindonesia.us"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fb2c3800800)
> GET / HTTP/2
> Host: 2018.investindonesia.us
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 404
< cache-control: max-age=30, public
< content-length: 9
< content-type: text/html; charset=utf-8
< date: Thu, 31 Oct 2019 17:09:43 GMT
< strict-transport-security: max-age=31536000
< x-content-type-options: nosniff
< x-frame-options: ALLOWALL
< x-request-id: 52bae1c1-21ae-44ce-ad75-8f0c91a33b16
< x-runtime: 0.008440
< age: 0
< server: Netlify
< x-nf-request-id: 4b132918-8edb-4dee-b1a1-5cc4a8b81c07-964359
<
* Connection #0 to host 2018.investindonesia.us left intact
Not Found

Accessing it via the Netlify URL directly is working fine:

$ curl -v https://investindonesia2018.netlify.com
* Rebuilt URL to: https://investindonesia2018.netlify.com/
*   Trying 142.93.122.177...
* TCP_NODELAY set
* Connected to investindonesia2018.netlify.com (142.93.122.177) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=ca; L=San Francisco; O=Netlify, Inc; CN=*.netlify.com
*  start date: Jul  3 00:00:00 2019 GMT
*  expire date: Jul  7 12:00:00 2020 GMT
*  subjectAltName: host "investindonesia2018.netlify.com" matched cert's "*.netlify.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fd0ac80b200)
> GET / HTTP/2
> Host: investindonesia2018.netlify.com
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< cache-control: public, max-age=0, must-revalidate
< content-type: text/html; charset=UTF-8
< date: Fri, 01 Nov 2019 02:30:03 GMT
< etag: "006baee9d0419051a1577ff2bde24a7c-ssl"
< strict-transport-security: max-age=31536000
< age: 0
< server: Netlify
< x-nf-request-id: e37aec7c-baa5-427a-87a7-ed1fc4da767f-1231903

<the rest of the response>

Could someone help me figuring out the issue? Thanks!

Sure! We only serve content for hostnames that are configured at Netlify. We don’t have to manage DNS, or buy the domain for you, but the name must be applied to a site, in its domain settings UI. If it isn’t - we don’t know what site to serve! DNS CNAME is the first half, configuring in our UI is the second.

Once it’s applied to the site (here: https://app.netlify.com/sites/investindonesia2018/settings/domain#custom-domains) then it should work in the browser :slight_smile: