Codeberg/Community
54
325
Fork
You've already forked Community
12

Issue with www. subdomain of site hosted on codeberg pages #1855

Closed
opened 2025年04月19日 14:28:52 +02:00 by hossein · 4 comments

Comment

Hi!

Despite the fact that my .domains file has both my domain and its www subdomain, and the fact that I have set up a correct CNAME and TXT record for my domain

$ dig www.hossein.me
;; ANSWER SECTION:
www.hossein.me.		300	IN	CNAME	main.pages.hossein.codeberg.page.
main.pages.hossein.codeberg.page. 300 IN A	217.197.84.141

I have a problem where a TLS cert is not issued for my www subdomain, and I also get "Failed Dependency (Error 424)! "could not obtain repo owner from custom domain"" after accepting the TLS security risk.

Thanks in advance.

### Comment Hi! Despite the fact that my [.domains file](https://codeberg.org/hossein/pages/src/branch/main/.domains) has both my domain and its www subdomain, and the fact that I have set up a correct CNAME and TXT record for my domain ``` $ dig www.hossein.me ;; ANSWER SECTION: www.hossein.me. 300 IN CNAME main.pages.hossein.codeberg.page. main.pages.hossein.codeberg.page. 300 IN A 217.197.84.141 ``` I have a problem where a TLS cert is not issued for my www subdomain, and I also get "Failed Dependency (Error 424)! "could not obtain repo owner from custom domain"" after accepting the TLS security risk. Thanks in advance.

Please check again.

Please check again.
Author
Copy link

Nope, it still doesn't work. Here's curl -4 -Lv https://www.hossein.me:

* Host www.hossein.me:443 was resolved.
* IPv6: (none)
* IPv4: 217.197.84.141
* Trying 217.197.84.141:443...
* GnuTLS priority: NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0
* ALPN: curl offers h2,http/1.1
* found 152 certificates in /etc/ssl/certs/ca-certificates.crt
* found 458 certificates in /etc/ssl/certs
* SSL connection using TLS1.3 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* SSL: certificate subject name (*.codeberg.page) does not match target hostname 'www.hossein.me'
* closing connection #0
curl: (60) SSL: certificate subject name (*.codeberg.page) does not match target hostname 'www.hossein.me'
More details here: https://curl.se/docs/sslcerts.html

I even tried using a web proxy:
https://www.croxyproxy.com/

Even there it fails.

Nope, it still doesn't work. Here's `curl -4 -Lv https://www.hossein.me`: ``` * Host www.hossein.me:443 was resolved. * IPv6: (none) * IPv4: 217.197.84.141 * Trying 217.197.84.141:443... * GnuTLS priority: NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0 * ALPN: curl offers h2,http/1.1 * found 152 certificates in /etc/ssl/certs/ca-certificates.crt * found 458 certificates in /etc/ssl/certs * SSL connection using TLS1.3 / ECDHE_RSA_AES_128_GCM_SHA256 * server certificate verification OK * server certificate status verification SKIPPED * SSL: certificate subject name (*.codeberg.page) does not match target hostname 'www.hossein.me' * closing connection #0 curl: (60) SSL: certificate subject name (*.codeberg.page) does not match target hostname 'www.hossein.me' More details here: https://curl.se/docs/sslcerts.html ``` I even tried using a web proxy: https://www.croxyproxy.com/ Even there it fails.

Retrieving the CNAME record gives inconsistent results for www.hossein.me according to the DNS resolver.

Retrieving the CNAME record gives inconsistent results for `www.hossein.me` according to the DNS resolver.
Author
Copy link

@Gusted wrote in #1855 (comment):

Retrieving the CNAME record gives inconsistent results for www.hossein.me according to the DNS resolver.

You are absolutely correct.

For posterity:
I had unknowingly misconfigured my domain. If you assign a CNAME to the apex in Cloudflare it will preform CNAME flattening which means it will return A and AAAA records and not CNAME if asked about your apex.

So to sum it up: On Cloudflare, if you make a CNAME record to your apex and then make a CNAME from www. to your apex, Codeberg won't be able to find out which site it must show.

@Gusted wrote in https://codeberg.org/Codeberg/Community/issues/1855#issuecomment-3858591: > Retrieving the CNAME record gives inconsistent results for `www.hossein.me` according to the DNS resolver. You are absolutely correct. For posterity: I had unknowingly misconfigured my domain. If you assign a CNAME to the apex in Cloudflare it will preform _CNAME flattening_ which means it will return A and AAAA records and not CNAME if asked about your apex. So to sum it up: On Cloudflare, if you make a CNAME record to your apex and then make a CNAME from `www.` to your apex, Codeberg won't be able to find out which site it must show.
Sign in to join this conversation.
No Branch/Tag specified
main
No results found.
Labels
Clear labels
accessibility

Reduces accessibility and is thus a "bug" for certain user groups on Codeberg.
bug

Something is not working the way it should. Does not concern outages.
bug
infrastructure
Errors evidently caused by infrastructure malfunctions or outages
Codeberg

This issue involves Codeberg's downstream modifications and settings and/or Codeberg's structures.
contributions welcome

Please join the discussion and consider contributing a PR!
docs

No bug, but an improvement to the docs or UI description will help
duplicate

This issue or pull request already exists
enhancement

New feature
infrastructure

Involves changes to the server setups, use `bug/infrastructure` for infrastructure-related user errors.
legal

An issue directly involving legal compliance
licence / ToS

involving questions about the ToS, especially licencing compliance
please chill
we are volunteers
Please consider editing your posts and remember that there is a human on the other side. We get that you are frustrated, but it's harder for us to help you this way.
public relations

Things related to Codeberg's external communication
question

More information is needed
question
user support
This issue contains a clearly stated problem. However, it is not clear whether we have to fix anything on Codeberg's end, but we're helping them fix it and/or find the cause.
s/Forgejo

Related to Forgejo. Please also check Forgejo's issue tracker.
s/Forgejo/migration

Migration related issues in Forgejo
s/Pages

Issues related to the Codeberg Pages feature
s/Weblate

Issue is related to the Weblate instance at https://translate.codeberg.org
s/Woodpecker

Woodpecker CI related issue
security

involves improvements to the sites security
service

Add a new service to the Codeberg ecosystem (instead of implementing into Gitea)
upstream

An open issue or pull request to an upstream repository to fix this issue (partially or completely) exists (i.e. Gitea, Forgejo, etc.)
wontfix

Codeberg's current set of contributors are not planning to spend time on delegating this issue.
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Codeberg/Community#1855
Reference in a new issue
Codeberg/Community
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?