Codeberg/Community
62
386
Fork
You've already forked Community
12

Custom domain on Pages — TLS "internal error", cert never issued #2824

Closed
opened 2026年06月29日 19:06:24 +02:00 by FxArbon · 6 comments

Comment

Hi! My Pages site (pages repo under user FxArbon, served on branch pages, working at fxarbon.codeberg.page) has a custom domain felixast.com that won't get a certificate.

DNS: felixast.com → A 217.197.84.141, AAAA 2a0a:4580:103f:c0de::2 (DNS-only, not proxied); www CNAME codeberg.page.
Authorization TXT _git-pages-repository.felixast.com (+ .www) → https://codeberg.org/FxArbon/pages.git.
The domain is recognized — fxarbon.codeberg.page 307-redirects to felixast.com.
But HTTPS to felixast.com fails the TLS handshake with tlsv1 alert internal error — no certificate is ever served. No CAA records, DNSSEC off.
Could you check the cert-issuance error for felixast.com on the pages server? Thanks!

### Comment Hi! My Pages site (pages repo under user FxArbon, served on branch pages, working at fxarbon.codeberg.page) has a custom domain felixast.com that won't get a certificate. DNS: felixast.com → A 217.197.84.141, AAAA 2a0a:4580:103f:c0de::2 (DNS-only, not proxied); www CNAME codeberg.page. Authorization TXT _git-pages-repository.felixast.com (+ .www) → https://codeberg.org/FxArbon/pages.git. The domain is recognized — fxarbon.codeberg.page 307-redirects to felixast.com. But HTTPS to felixast.com fails the TLS handshake with tlsv1 alert internal error — no certificate is ever served. No CAA records, DNSSEC off. Could you check the cert-issuance error for felixast.com on the pages server? Thanks!

I am experiencing the same issue with my domain, https://sarnart.dev.

All of my webhook deliveries fail with: "Delivery: Post "https://sarnart.dev": remote error: tls: internal error"

Issue #2822 looks to be a related (or identical) problem.

Any next steps we can take to try and resolve this? Thanks for the assist!

I am experiencing the same issue with my domain, https://sarnart.dev. All of my webhook deliveries fail with: "Delivery: Post "https://sarnart.dev": remote error: tls: internal error" Issue #2822 looks to be a related (or identical) problem. Any next steps we can take to try and resolve this? Thanks for the assist!

@FxArbon I don't see that you've configured a webhook?

@nullish the first time needs to be done via http:// for custom domains.

@FxArbon I don't see that you've configured a webhook? @nullish the first time needs to be done via `http://` for custom domains.

Thanks for the tip. Here's what I tried:

I am not entirely sure what the complaint is here, as I do have the needed TXT records for _git-pages-repository.sarnart.dev set to e.g. https://codeberg.org/nullish/repository.git.

Maybe that needs to be http as well? I will try that and test again...nope, that didn't do it: "clone URL not in allowlist [http://codeberg.org/nullish/repository.git]".

@Gusted am I misunderstanding what you're telling me to do, or did I miss a different step somewhere along the way? Thanks again.

Thanks for the tip. Here's what I tried: - Changed webhook URL to http://sarnart.dev - Tested delivery - Error received: clone URL not in allowlist [https://codeberg.org/nullish/repository.git] I am not entirely sure what the complaint is here, as I do have the needed TXT records for _git-pages-repository.sarnart.dev set to e.g. https://codeberg.org/nullish/repository.git. Maybe that needs to be http as well? I will try that and test again...nope, that didn't do it: "clone URL not in allowlist [http://codeberg.org/nullish/repository.git]". @Gusted am I misunderstanding what you're telling me to do, or did I miss a different step somewhere along the way? Thanks again.

Try setting the TXT record value to https://codeberg.org/nullish/pages.git

Try setting the TXT record value to `https://codeberg.org/nullish/pages.git`

@Gusted Thank you for catching my mistake. I'm facepalming pretty hard right now for missing that. I did get a successful HTTP delivery and subsequent HTTPS delivery. Woohoo! 😺

@Gusted Thank you for catching my mistake. I'm facepalming pretty hard right now for missing that. I did get a successful HTTP delivery and subsequent HTTPS delivery. Woohoo! 😺
Author
Copy link

@Gusted Thank You a lot! Quick fix and straightforward from there. ✌️
I'll close this one.

@nullish Cool that we also could solve yours 💪

@Gusted Thank You a lot! Quick fix and straightforward from there. ✌️ I'll close this one. @nullish Cool that we also could solve yours 💪
Sign in to join this conversation.
No Branch/Tag specified
main
No results found.
Labels
Clear labels
accessibility
Reduces accessibility and is thus a "bug" for certain user groups on Codeberg.
bug
Something is not working the way it should. Does not concern outages.
bug
infrastructure
Errors evidently caused by infrastructure malfunctions or outages
Codeberg
This issue involves Codeberg's downstream modifications and settings and/or Codeberg's structures.
contributions welcome
Please join the discussion and consider contributing a PR!
docs
No bug, but an improvement to the docs or UI description will help
duplicate
This issue or pull request already exists
enhancement
New feature
infrastructure
Involves changes to the server setups, use `bug/infrastructure` for infrastructure-related user errors.
legal
An issue directly involving legal compliance
licence / ToS
involving questions about the ToS, especially licencing compliance
please chill
we are volunteers
Please consider editing your posts and remember that there is a human on the other side. We get that you are frustrated, but it's harder for us to help you this way.
public relations
Things related to Codeberg's external communication
question
More information is needed
question
user support
This issue contains a clearly stated problem. However, it is not clear whether we have to fix anything on Codeberg's end, but we're helping them fix it and/or find the cause.
s/Forgejo
Related to Forgejo. Please also check Forgejo's issue tracker.
s/Forgejo/migration
Migration related issues in Forgejo
s/Pages
Issues related to the Codeberg Pages feature
s/Weblate
Issue is related to the Weblate instance at https://translate.codeberg.org
s/Woodpecker
Woodpecker CI related issue
security
involves improvements to the sites security
service
Add a new service to the Codeberg ecosystem (instead of implementing into Forgejo)
upstream
An open issue or pull request to an upstream repository to fix this issue (partially or completely) exists (i.e. Forgejo, Weblate, etc.)
wontfix
Codeberg's current set of contributors are not planning to spend time on delegating this issue.
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Codeberg/Community#2824
Reference in a new issue
Codeberg/Community
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?