Custom domains, www vs root, http vs https

Suppose I get a custom domain, example.com, and want to use it for example.glitch.me. I’m using NameCheap as my registrar. I’d like to ensure that all of the following URLs work:

  1. http://example.com
  2. http://www.example.com
  3. https://example.com
  4. https://www.example.com

I don’t care much which of those is canonical or how they redirect or anything. As long as clicking on any of them serves my app that’s running at example.glitch.me.

The configuration on the Glitch side seems obvious: I specify both example.com and www.example.com as custom domains.

On my registrar, I set an apex redirect from example.com to www.example.com and a CNAME for www.example.com to glitch.edgeapp.net (per Glitch’s instructions).

That makes some of the 4 variants above work but not all of them. (Extra weird: I’ve tried this with the same configuration for two different domains / Glitch apps and it’s a different subset of the 4 variants that work vs don’t work.)

What’s the right configuration to make all the URL variations work?

What is your registrar? I used godaddy for redirects in the past and they provide SSL errors if you use https on the redirect domain.

NameCheap.

Oh! Interesting update! My “extra weird” parenthetical is no longer true and now it’s just consistently https://example.com that doesn’t work. Specifically:

  1. :white_check_mark: http://example.com redirects to https://www.example.com/ which loads fine
  2. :white_check_mark: http://www.example.com does not redirect and loads fine
  3. :x: https://example.com times out (ERR_CONNECTION_TIMED_OUT)
  4. :white_check_mark: https://www.example.com does not redirect and loads fine

So it’s now just case 3 I need to figure out.

PS: I just had an idea! I’m changing (in my registrar’s config) the root (aka apex aka “@”) redirect to do a masked redirect from example.com to https://example.glitch.me. So far that’s not working but I’m not sure how long DNS takes to propagate. I’m also trying an unmasked redirect which would be less ideal but better than timing out. Stay tuned!

1 Like

Thanks for posting all of this, I’m following along to see what ends up working and not working so I can make sure we update our help doc about this. It’s often hard to tell what the issue is because DNS propagation times are always so arbitrary.

2 Likes

HI @dreev,

Jenn shared your post with me. Setting up custom domains can be tricky - especially since each domain registrar may have a slightly different ui for dns config - but here is what I have found typically helps when you want to set up both an example.com and www.example.com:

  1. Set up an A Record for example.com first, using the instructions that can be found at the bottom of our custom domains help article.
  2. Then, set up the CNAME for www.example.com and point it to example.com.

Let me know if this helps.

2 Likes

FYI server websockets don’t work if you use custom domains

Oh ho! I figured I should avoid this since it requires hardcoding the IP (50.31.246.1), which seemed (at least theoretically) fragile.

But happy to try it!

Oof, unfortunately this seems to have immediately broken all 4 variants, which give an immediate DNS_PROBE_FINISHED_NXDOMAIN error now.

:sob:

Ah, sounds like that’s being discussed in WebSockets do not work on Custom domain? – thanks!

Like Jenn said, its likley a DNS propogation issue. Depending on the host and a few other factors, it can take up to three days for records to update. You can check progress on a website like dnspropogation.net.

https://dnspropagation.net/A/molecall.com

1 Like

The fact that it’s failing everywhere and the TTL was minutes (currently 1 minute) makes me skeptical that I’m just waiting on propagation here. But if no one has other ideas, I shall sit tight for 3 days. If it still doesn’t work by Monday then either @tasha’s instructions are wrong or I misunderstood. (If anything jumps out at you from the screenshot from NameCheap above, let me know!)

PS: I thought of a thing to clarify in @tasha’s instructions. Do I put both the bare domain and the www version in the config on the Glitch side? That’s what I’ve done so far:

image

1 Like

Oh no! Thanks for trying. Based on the screenshot that you posted, there is one thing that you need to fix.

For the CNAME record under Host, it should just say: www
Then for the Value, it should say: molecall.com

And yes, you will need to add both the www version and the bare domain to the Glitch project in the editor. What you have there looks correct.

2 Likes

Ah, thank you! Here’s what I have now:

And it’s been much longer than that 1 minute TTL but I still get DNS_PROBE_FINISHED_NXDOMAIN from all the variants.

1 Like

is there supposed to be a “.” at the end of “molecall.com” ?

what happens if you remove the “.” from the CNAME Value

2 Likes

Namecheap adds that automatically, I’m not sure why but I always try to remove it from mine but it puts it back lol.

4 Likes

Good question, but I infer that it’s supposed to be there because when I remove it, NameCheap automatically puts it back.

1 Like

Interesting, I did not know that. Thanks @dreev and @jenn

@dreev when you started updating the dns config according to the guidance above, did you start from scratch? Or did you edit the existing records on Namecheap from what you had previously?

You may need to delete the records on Namecheap and then try adding them again, starting with the ANAME and then adding the CNAME.

I know that is really annoying - im sorry to put you through all this! But I have found that will typically help.

3 Likes

I’ve seen some guides that say to use something like @ in the name column to control the apex domain. Dunno if that’s consistent with the instructions for namecheap specifically. I mean just from pattern matching, one might wonder if this screenshot says that molecall.com.molecall.com resolves to 50.21.246.1.

2 Likes

I believe I did but I just did so again to be sure.

Oh ho, thank you. You’re right, it should be @ according to Namecheap’s help pages.

This is huge progress! I’m kind of back where I started but with a better error. Namely, everything works except https://molecall.com which gives ERR_SSL_PROTOCOL_ERROR in Chrome and SSL_ERROR_ACCESS_DENIED_ALERT in Firefox. I.e., there’s apparently no SSL certificate for molecall.com?


To review for anyone just tuning in or as a sanity check, here are the steps I’m taking to get my custom domain (molecall.com) to point to molecall.glitch.me and have all four variants (http vs https and www vs root) work:

[instructions moved to final post below]


Results so far:

:white_check_mark: http://molecall.com
:white_check_mark: http://www.molecall.com
:x: https://molecall.com – “secure connection failed”
:white_check_mark: https://www.molecall.com

2 Likes

Oh nice, we’re so close! Okay, so since http is working with molecall.com and https is not, this means the final piece is the SSL cert which is done automatically on the Glitch + Fly.io end. It also sometimes takes time but if you don’t see it working in an hour, try removing “molecall.com” from your Glitch app and re-adding it (don’t touch Namecheap).

4 Likes

:tada:

It works now! Thank you so much for the help, everyone. It looks like Glitch / Fly.io caught up with the missing SSL cert on its own – I didn’t have to delete and re-add molecall.com in the Glitch config.

So I believe my instructions above [now below] are correct and I’m now repeating them for two other domains…

:drum:

And it worked instantly this time!

:white_check_mark: http://____
:white_check_mark: http://www.____
:white_check_mark: https://____
:white_check_mark: https://www.____

I’m now adding some edits and clarifications in the above [now below] instructions. I think it would make sense to incorporate them into the official instructions.

I believe the existing official instructions are great if you have a specific subdomain of your custom domain that you want to use. If not then you’ll surely want both the root domain and the www version to work and of course you’ll want it to work for both http and https. As far as I can tell, only those with a profound understanding of sysadminnery could immediately infer the instructions below from what’s currently in the official instructions. (I mean, I have a PhD in computer science and it was a pretty huge frustration for me to piece it all together!)

Final Instructions

[moved again as I’ve learned new things and to keep it all as a single coherent set of step-by-step instructions! see new final response below.]

Open Questions

  1. Is it fragile to hardcode the IP address? Is there any way to avoid doing so?
  2. What if I’m morally opposed to non-encrypted websites and want the http version to actively redirect to the https version?
  3. Which should be the canonical version of the URL? (I hear it’s important for googly/SEO reasons to pick one and have all others redirect to it.)
5 Likes