DNS SSL subdomain request

As per this post (Custom Subdomain SSL), I am requesting SSL for custom subdomains for my account.

Sure, just tell us what hostnames you’ve configured, and we’ll confirm that the setup is as needed and then configure for you.

Looking for SSL on rss.deltazeus.com

you’d have to successfully deploy that branch, before we can point to it, and before we can get an SSL certificate for its associated hostname.

It’s not a branch, it’s a CNAME pointing to an S3 bucket.

As an aside, I would have liked to have not done this but since I can’t write files back to the web directory after the site is deployed, I’d had to find another solution in writing to S3.

Ah, if AWS hosts it, you’ll have to get a certificate there. We can only provide certificates for content that we host (give directly to the browser).

Our deploys are intentionally atomic, so no surprise that you can’t “write to them after deploy” - that’s entirely opposite to our hosting philosophy :slight_smile:

So if I have the subdomain in the DNS here at Netlify and the domain is masked to show content from the S3 bucket, I still need to request the certificate at AWS?

Not sure what “masked” means to you, but if the CNAME’s value is something.netlfy.com we can get a cert; if it’s something at AWS, we cannot.

Maybe if I show you my current DNS here at Netlify, it’ll help explain


As you can see, everything DNS that is related to deltazeus.com is handled here at Netlify. The two bottom records seem to be auto-created once I link my domain to Netlify. The nameservers at my registrar are also pointing to Netlify’s. Since my DNS is being managed elsewhere (Netlify) my registrar can’t do any subdomain routing. This is why (I assume) it’ll be handled here.

While rss.deltazeus.com does serve the content that I’m expecting, it does not have SSL. I’ve applied for a SSL cert through AWS for rss.deltazeus.com, so I’m trying to verify who (Netlify or AWS) should possess the SSL in this configuration?

@ddamato, we only handle the DNS for the rss.deltazues.com domain. The HTTP responses are handled by AWS and the SSL is negotiated by the HTTP server, not the DNS server.

So, in this case, the SSL certificate will need to be installed at AWS for that subdomain and not at Netlify.

Ok, looks like I’ll need to link the SSL Cert to CloudFront in AWS. Let’s see if that works. Thanks for the clarification.