I have an HTTPS DNS record for fanaka.pro, pointing at readthedocs.io. My zone file:
fanaka.pro. 3600 IN HTTPS 0 readthedocs.io. fanaka.pro. 3600 IN NS ns1.desec.io. fanaka.pro. 3600 IN NS ns2.desec.org. fanaka.pro. 300 IN SOA get.desec.io. get.desec.io. 2025080201 86400 3600 2419200 3600 www.fanaka.pro. 3600 IN CNAME readthedocs.io. - https://www.fanaka.pro works as expected
- https://fanaka.pro does not (my browser variously says it can't make a secure connection, or that "the server unexpectedly dropped the connection").
According to https://www.nslookup.io/domains/fanaka.pro/dns-records/https/:
QUESTION dig @ns2.desec.org. fanaka.pro. HTTPS ANSWER fanaka.pro. 3600 HTTPS 0 readthedocs.io. AUTHORITY ADDITIONAL . 0 OPT ; payload 1400, xrcode 0, version 0, flags 0 Which looks correct. Running it locally I get a similar result (I had to install a newer version of dig, that supports HTTPS records):
fanaka.pro. 3600 IN HTTPS 0 readthedocs.io. What does that suggest and what should my next debugging step be?
https://fanaka.pro does not (my browser variously says it can't make a secure connectiondoes it work without the HTTPS record? If so, the problem isn't the HTTPS DNS record.Plain fanaka.pro doesn't work.The certificate needs thefanaka.proname in the Subject Alternative Names.