Box continues to serve custom domain with TLS/SSL

tonyp · June 8, 2016, 4:17am

Hi everyone,

I have a few domains on my mailinabox, some going to custom domains and other using the aliases feature to route just email.
With the new Lets Encrypt feature I provisions a list of four alias, one which later was routed to a custom domain.
Now in the past I have been able to successfully add a custom domain on the box to point to an external IP by A record to point to the IP for the www.mydomain.com and another record using CNAME for mydomain.com

I have now done so again for an additional custom domain, only difference on this occasion I had provision that TLS record on the box prior to pointing to my custom domain using Lets Encrypt.

Having waited now for DNS to propogate, i can browse to my new A recordcorrectly as www.mydomain2.com which goes to my external IP whereas mydomain2.com thinks its seeing the mailinabox IP and throws security errors in the browser

Your connection is not secure
The owner of [mydomain2.com] has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

In the advance shows

mydomain2.com uses an invalid security certificate. The certificate is only valid for the following names: mymailinabox.com

Has anyone come across this issue?
How do i remove this TLS/SSL certificate within my mailinabox as i think its being confused by my original provision.

Any guidance would be appreciated. Thanks

Tony

Learn more…

JoshData · June 8, 2016, 1:44pm

Clear your browser cache. It has nothing to do with your Mail-in-a-Box at this point.

tonyp · June 9, 2016, 2:15am

Thanks Josh,

That solved half of it, I also needed to add another A record to route to mydomain.com instead of using the cname record.

Tony

murgero · June 9, 2016, 1:02pm

Custom DNS page should do the trick, setting the custom DNS name for www.mydomain.com and mydomain.com will tell MIAB to stop serving the domain via http.

tonyp · June 9, 2016, 3:17pm

Hi Murgero,

In my custom DNS page I originally had it configured as

mydomain.com CNAME www.mydomain.com
www.mydomain.com A XX.XX.XX.XX

This was how one of my other existing domains has been setup to serve an external dns. In fact when i used dig against that other domain and the associated www, it would resolve to the IP correctly. I guess what I was curious about in this instance was why it wasnt working on this new domain for just the domain and not the www. The only difference was, i thought, in this new domain was that i had provisioned a TLS/SSL on the box prior to using custom dns and perhaps there may have been a bug. In any case, including Josh’s suggestion of clearing cache and then furthermore this configuration, created the behavior i expected.

mydomain.com A XX.XX.XX.XX
www.mydomain.com A XX.XX.XX.XX

Perhaps someone with a better understanding of DNS can explain what the correct configs ought to be, because to me, using a cname record should have been ok.

regards

Tony

JoshData · June 12, 2016, 1:40am

CNAMES only work on subdomains. Why it worked elsewhere would be a question for your other provider.