Enabling SSL on Subdomains

Hello,

I was following this guide that was posted by a Netlify support engineer to set up branch subdomains with an external DNS: [Support Guide] How to use Netlify’s branch deploy feature without Netlify DNS

Everything is working on my end, but the last step says that I should reach out to Netlify technical support to extend my SSL cert to my subdomains. Would this be the correct place to post about that and get it extended?

Thanks,
Kyle

Hi Kyle,

Here’s fine. What site is it for, please? If you’d included that detail, I would have already gotten things fixed for you :slight_smile:

Hi,

Sorry about that, I thought it might be linked to my community user.

The site is hula.netlify.com. The domain I use through my DNS is www.hula.com and I have just added dev.hula.com (the subdomain I wish to extend the DNS to). I may add a staging subdomain in the future, so if it’s possible to get a wildcard SSL that would be perfect!

Thank you,
Kyle

@kyle, thanks! We’ve just added dev.hula.com to your SSL cert.

Wildcard certs are only available if you are using netlify to manage your DNS. So you can switch to that or just write us back when you deploy your staging branch!

Sounds good. Thank you for getting to that so quickly!

The SSL cert was working fine 3 days ago, but it looks like it may have been removed from the dev domain. When I visit dev.hula.com, it says the connection is not secure.

Do you know what could have caused this?

Sorry for the trouble.

Hmm, strange. I’ve just tested dev.hula.com in both Chrome and Firefox and I am seeing the cert in both. And I’ve confirmed your DNS is correct. Can you try a hard refresh of your browser, or try a different browser or device and let me know if the issue persists?

It is working again on my end. Not sure what could have caused that, but I did refresh and try a separate browser before posting.

Thank you.

1 Like

Hijacking this thread to ask for the same thing :slight_smile:

The site is lona-frontend.netlify.com (lona.design).
I set up dev.lona.design to point to the branch deploy.

Thank you Laura!
Mathieu

Hi, @mathieudutour, and welcome to our Netlify community site. :+1:

Please feel free to make new topics in the #admin category if this comes up again for faster replies.

First, I do see there is an unused Netlify DNS configuration for this domain here:

https://app.netlify.com/account/dns/lona.design

Please delete that configuration if you are not using Netlify DNS as it will only cause issues. (Note, I do not show that enabled or working at this time. I’m pretty sure it is safe to delete.) The name servers used at not the Netlify control name servers:

lona.design.		172800	IN	NS	ns-1398.awsdns-46.org.
lona.design.		172800	IN	NS	ns-1965.awsdns-53.co.uk.
lona.design.		172800	IN	NS	ns-251.awsdns-31.com.
lona.design.		172800	IN	NS	ns-869.awsdns-44.net.

For third-party DNS, the instructions are found above (and here is a link).

I do show the branch has been deployed. However, I’m not seeing a subdomain which exactly matches the branch name (which is a requirement). The subdomain is dev but the branch name is develop:

dev.lona.design.	3600	IN	CNAME	develop--lona-frontend.netlify.com.

Would you please change the subdomain to match the branch and then let us know. (Changing dev.lona.design to develop.lona.design.)We’ll be able to update the SSL certificate once this is done.

If there are questions, please let us know.

Thanks @luke! It should be all good now

1 Like

Hi, @mathieudutour, that SSL certificate has been extended to include develop.lona.design and that domain name does correctly direct the the branch deploy at Netlify.

If there are other questions or concerns, please let us know.

I was trying to add SSL Certificate to the subdomain I created. The apex domain is ficting.com and subdomain is api.ficting.com. The DNS is managed by Netlify. The SSL certificate works fine on my apex domain.It would be very helpful if I can get any information how to add the SSL to my subdomain

Thanks,
Ali

hi @realabbas , thanks for your patience. do you have a branch deploy that also points to the subdomain?

Hi, @realabbas. I see that api.ficting.com is an A record pointing to some IP address outside of Netlify.

We can only provide the Let’s Encrypt certificates for domain names that direct to Netlify (and api.ficting.com is not directing to our systems).

There is no way to export the Let’s Encrypt SSL certificates from Netlify. If you want to have an SSL certificate for this domain at that IP address, you will need to buy or create your own SSL certificate and upload it to that system.

If there are other questions about this, please let us know.

Hi @luke I seem to have a similar issue - at netlify I have created a CNAME subdomain zamow.youmiko.vg that redirects to external site that has it’s own SSL cert. I would assume zamow.youmiko.vg will be covered by the let’s encrypt cert offered by netlify but it does not seem to be the case. can you help? thanks!

Hi, @michalj, Netlify will only provision SSL certificates for domain names which both:

  • point to our service
  • are added to a site at Netlify

I see this domain name (zamow.youmiko.vg) pointing to Netlify but I don’t show it added to any sites (under Site Name > Settings > Domain management > Custom domains).

If you point it to a Netlify site, we can provide the SSL certificate (for example if you proxy the domain to some other site).

If on the other hand you point the domain name to some third-party service, you will need to contact that service provider to get the SSL certificate working on their service. We can only provision SSL for domains which we are the hosting provider for.

If this domain is added to a Netlify site and it still doesn’t work, please let us know what site this is for. Similarly, if there are any other questions please reply with those anytime.