Search code examples
sslgoogle-app-enginednssubdomain

DNS records cannot be found for SSL certificate using custom domain on GAE

I am trying to add a custom domain to GAE but Google is struggling to issue an SSL certificate for the naked domain, as it says the DNS records could not be found.

enter image description here

I have tried to map both the naked domain and the www subdomain. When I entered these in the GAE custom domain section I was given 4xA records (above), 4xAAAA records (above), and 1x CNAME record for the www subdomain.

I've entered all of these records at GoDaddy.

The www subdomain in GAE was able to verify the DNS records relatively promptly but the naked domain has not been able to for 4/5 days now.

When I use a DNS lookup tool to check the A records, for the naked domain I see:

enter image description here

...and the four records provided by GAE are there (the other two can't be deleted or edited at GoDaddy). So why is GAE saying the DNS records cannot be found?

And when I use the same tool to lookup the www subdomain I see:

enter image description here

...which I guess must be correct as the certificate has issue without any problems.

If I remove the naked domain from GAE custom domain mapping then users just see a Google generated 404 error message saying the URL was not found on their servers.

Without the SSL, I can navigate to the naked domain using HTTP and I get redirected to the www subdomain (not sure if this is GoDaddy domain forwarding or Django PREPEND_WWW in action - both are setup). But if I try HTTPS on the naked domain, I get a page cannot be displayed due to failing to establish a secure connection, therefore I really need to get to the bottom of the SSL issuing problem.

I am not sure where I am going wrong and would appreciate some suggestions.

Solution

  • The traffic is confused, that is why the naked domain is not working because it was pointing to 2 separate vendors (server) by using the A record one from godaddy and another one from GAE. What you are doing is correct by adding the A record from GAE to your godaddy DNS. However the A record from godaddy must be deleted.

    Based from this link possibly there is a forwarding setup wherein your domain is lock from the godaddy’s A record. It was also mentioned in the link that if you don't have forwarding setup, you can reach for their assistance on this link

    Another possible concern is that a preset has been set on the account that permanently forwards your domain. It was suggested to remove the preset or change the settings of the preset to unlock the A record.