Problem with Domain Alias

I’ve set up a domain alias for one of my sites, because it had gotten a new domain. The old domain is registered externally but uses the Netlify nameservers. I’ve added the domain as alias to the site and there were 3 DNS records automatically generated. However when I visit the domain I get an error page, specifying: Websites bestätigen ihre Identität mittels Zertifikaten. Firefox vertraut dieser Website nicht, weil das von der Website verwendete Zertifikat nicht für johassenstein[.]de gilt. Das Zertifikat gilt nur für folgende Namen: *.netlify[.]com, netlify[.]com

Which is in English: Firefox doesn’t trust this site, because its certificate is only valid for * and

Problem is the same in different browsers and incognito mode.

These are the DNS records:
*.olddomain[.]de 3600 IN ALIAS newdomain.netlify[.]com
olddomain[.]de 3600 IN ALIAS newdomain.netlify[.]com
www.olddomain[.]de 3600 IN ALIAS newdomain.netlify[.]com

The serve as link escape, otherwise the forum will not let me create the post. They are not part of the actual DNS records.
The site then uses a custom domain, that is set as a primary domain.

What have I done wrong?
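The name check behind the browser error quoted in the post above, as an added example that is not part of the original thread or Netlify's code: it applies the usual RFC 6125-style rules (a wildcard is the whole left-most label and covers exactly one label) to the certificate names from the error message. The function names and the second name list are assumptions made for illustration.

```python
# Added illustration: why a certificate for *.netlify.com is rejected for
# johassenstein.de. Function names are hypothetical, not from any library.

SERVED_CERT_NAMES = ["*.netlify.com", "netlify.com"]  # names from the error in the post
# Constructed: names a certificate would need to list for the alias to validate.
ALIAS_CERT_NAMES = ["johassenstein.de", "www.johassenstein.de"]


def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """True if one certificate DNS name covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # label counts must be equal: "*" stands for one label only
    if p[0] == "*":
        # The wildcard must be the whole left-most label and must sit above
        # at least two further labels (so "*.com" never matches anything).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covering_names(cert_names, hostname):
    """Certificate names that cover the hostname (empty list means mismatch)."""
    return [n for n in cert_names if name_matches(n, hostname)]


def diagnose(cert_names, hostname):
    hits = covering_names(cert_names, hostname)
    if hits:
        return f"OK: {hostname} is covered by {', '.join(hits)}"
    return f"MISMATCH: {hostname} is not covered by {', '.join(cert_names)}"


if __name__ == "__main__":
    for host in ("johassenstein.de", "www.johassenstein.de", "newdomain.netlify.com"):
        print(diagnose(SERVED_CERT_NAMES, host))
        print(diagnose(ALIAS_CERT_NAMES, host))
```
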



@johannes.hassenstein Welcome to the Netlify community. Without the actual names of your custom domains, it’s going to be difficult for others to help you troubleshoot this issue.

One thing you can change right away is from to, although I doubt this will fix your issue.

Okay, I’ll definitely do that!


Old-Domain is
New Domain is

@johannes.hassenstein Sorry, but I’m not understanding your situation. – your old domain – does not load for me. – your new domain – loads for me.

When you added as a domain alias, did you go to the Custom Domains section of the dashboard for (which should also show your Netlify subdomain), and click “Add Domain Alias”? If you did, it should have looked like this, only with your domain names.

Also, because you added another custom domain to a site that already had a custom domain assigned to it, the SSL should have attached almost immediately – at least, it always has for me in the past.

However, you also write that three DNS records were automatically generated. That should not have happened. There should have been no additional DNS records created as far as you can see in the Netlify DNS panel. The routing for the new domain alias should have been done internally by Netlify.

I’m experiencing a similar issue with our site. Wanted to post in this thread in case there’s a similar solution…but glad to post as new if it’s different.

We consolidated sites from several domains to use just one domain. The desired domain is We have successfully set up the redirect from the root domain ( to the www, but are struggling to get consistent results in redirecting from another domain ( - set up as a Domain Alias) to

Here’s a screenshot from our Domains panel

We’ve tried a few changes, but haven’t gotten a complete resolution:

  1. Keep both the and Domain Aliases. This results in no redirects, any requests to root or www stay on their respective domain.
  2. Remove both the and Domain Aliases. This results in a 404 page simply with Not Found to return for any requests.
  3. Remove just the Domain Alias. This makes redirects work for the www subdomain, but not the root domain.
  4. Remove just the Domain Alias. This makes redirects work for the root domain, but not for the www subdomain.

Here’s our _redirects file, we’ve tried a few changes here, but not seeing success:

DNS for both domains ( and is hosted with Netlify. Other services (email, etc) are working. SSL is showing both domains.

What else could we try to troubleshoot / fix?

I would try forcing the redirects with 301!. Because of the way the domain aliases are set up, the system looks at the first part of the redirect and sees that there is a file that matches that condition, so serves it up. By forcing the redirect, you should see all requests being served by your primary domain.

Here are the contents of the _redirects file for the site I show in the screen shot above:* 301!* 301!* 301!

@gregraven first of all huge thanks for the quick replies!

Second of all, I managed to solve the problem by removing the third record (the wildcard *.johassenstein). The other two are automatic system records that cannot be changed or deleted, but I must have added this third one to fix the problem, probably creating a new problem, that was covering up, that the old problem I initially tried to fix was already solved by something else.

So yeah, problem solved, why I do not yet understand, but as long as it works…

It seems like that did it for us, thanks for the 301! tip!