I’ve created a domain on https://www.duckdns.org.
I’ve uploaded it as a custom domain to my Web Service (FastAPI) and the verification works but it’s stuck on “Certificate Pending” for a few days now and the domain doesn’t work.
Why does it happen and what can I do?
Thanks.
Hi there,
That domain is not pointing at a Render service,
$ dig +short CNAME www.duckdns.org.appservers-duckdns-prod-1630339571.ca-central-1.elb.amazonaws.com.
We can’t issue certificates until that is correct,
Regards,
Seems like it does.
$ dig esports.duckdns.org
; <<>> DiG 9.10.6 <<>> esports.duckdns.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9456
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;esports.duckdns.org. IN A
;; ANSWER SECTION:
esports.duckdns.org. 60 IN A 216.24.57.1
;; Query time: 155 msec
;; SERVER: 100.95.0.251#53(100.95.0.251)
;; WHEN: Mon Jul 22 15:29:09 IDT 2024
;; MSG SIZE rcvd: 64
Perhaps I’m missing something.
Care to explain please?
That’s a different domain, I was checking www.duckdns.org as that was what was in your original post.
Please use a CNAME to the onrender.com address for esports.duckdns.org and not the IP address as an A record, although that shouldn’t limit the certificate being issued. But first, start with that and then we can go from there.
Regards
duckdns doesn’t support setting CNAME records, only A records.
But Render says that I can use A records to point to the load balancer and it should work.
Why doesn’t it?
It will work, it’s more efficient to use the onrender.com address rather than the IP.
I’ve changed the certificate provider for the domain and the certificate is now issued and in place,
Regards,
I’ve also created esports.webredirect.org
as a CNAME to esports-schedule.onrender.com
.
Care to please check why that doesn’t work?
$ dig esports.webredirect.org
; <<>> DiG 9.10.6 <<>> esports.webredirect.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25101
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;esports.webredirect.org. IN A
;; ANSWER SECTION:
esports.webredirect.org. 120 IN CNAME esports-schedule.onrender.com.
esports-schedule.onrender.com. 300 IN CNAME gcp-us-west1-1.origin.onrender.com.
gcp-us-west1-1.origin.onrender.com. 174 IN CNAME gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net.
gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net. 54 IN A 216.24.57.4
gcp-us-west1-1.origin.onrender.com.cdn.cloudflare.net. 54 IN A 216.24.57.252
;; Query time: 193 msec
;; SERVER: 100.95.0.251#53(100.95.0.251)
;; WHEN: Mon Jul 22 17:13:36 IDT 2024
;; MSG SIZE rcvd: 242
That particular domain is banned by our upstream provider, Cloudflare so we can’t get certificates issued for that. Typically it’s banned for commercial reasons between its owner and Cloudflare.
At this point, I’ll probably say that you’ll have a much better experience if you register your own domain and configure it to point at your service rather than trying to use these services that give you a sub-optimal experience,
Regards,
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.