NetlifyのTLS証明書の更新が失敗する件

  • このエントリーをはてなブックマークに追加

このようなメールが届いて、CustomDomainのTLS証明書の自動更新が失敗しました。

1
2
3
4
5
6
7
8
Title: [Netlify] Failed attempt to renew your TLS certificate

Failed to renew TLS certificate for <my-domain>

The TLS certificate for <my-domain> will expire on Jun 28, 2020. We tried to renew it, but got this error message:

SniCertificate::CertificateInvalidError: Unable to verify challenge for www.hedgehog.studio
We’ll keep trying — in most cases of failure, we succeed on the next attempt. However, it’s still a good idea to check the certificate status in your site’s SSL/TLS settings.

原因はCNAMEで設定している、****.netlify.com****.netlify.appに変更になっていたからです。公式サイトには変更のお知らせはどこにも無く、メールでの通知のみでした。

しかもメールには「No action required: sites without custom domains moving to netlify.app」とあるので、何もしなくて良いんだなとスルーしてました。

対処

  • DNSのCNAMEレコードの変更
1
2
before: cname www <my-site>.netlify.com.
after: cname www <my-site>.netlify.app.
  • _redirectsの更新(.appの2行を追加)
1
2
3
4
5
http://<my-site>.netlify.app/* https://blog.orz.at/:splat 301!
https://<my-site>.netlify.app/* https://blog.orz.at/:splat 301!

http://<my-site>.netlify.com/* https://blog.orz.at/:splat 301!
https://<my-site>.netlify.com/* https://blog.orz.at/:splat 301!

もしかしたら、失敗はたまたまだったのかもしれないけど、念のため.comから.appに変更しました。

メール本文

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
Hello,

A reminder that starting April 14, 2020, sites without a custom domain are being moved from your-site.netlify.com to your-site.netlify.app. New websites will also have URLs ending with netlify.app, unless you specify a custom domain.

Why the change? We're investing in the security and stability of our infrastructure, and this step is necessary on that journey.

It's important to note your existing sites will continue to operate properly using their current URLs. We expect some users may have configured redirects. If you have configured redirects on our service referring to your-site.netlify.com directly, we recommend you take action to add a second copy of them for your-site.netlify.app.

If you have no redirects like that, there's no action required on your part, but we wanted to inform you well ahead of the change in case you have any questions. Additional details are provided below if you'd like to read more. Thanks for being part of the Netlify community!

-Team Netlify

Will my current sites continue to work?
Absolutely. Any sites already deployed to your-site.netlify.com will continue to operate, just as they do now. Traffic to any your-site.netlify.com address will be forwarded to your-site.netlify.app seamlessly and automatically, using a 301 redirect. (This tells browsers and search engines that the site has moved, so they know the new location.)

Importantly, we have no plans to ever stop forwarding netlify.com addresses or force a migration. We understand your established domain names and inbound links to your site are important to you. After the update, links to your sites will continue to work, just as they do now. The only change will be that netlify.app will display in the URL bar, whether visitors click on a link or type your site name in directly.

Testing is now enabled—and easy to do.
We've enabled testing for the migration from sitename.netlify.com to sitename.netlify.app and you may start testing it today, especially if:

You browse via yoursitename.netlify.com start using yoursitename.netlify.app
you have redirects or other configuration pointing to or referencing https://yoursitename.netlify.com
Again, there's no action required on your part, but we wanted to inform you the option to test is available.

Will this impact my SEO?
No. Forwarding traffic to a new domain extension using a 301 redirect is a proven technique that search engines are well aware of. Your inbound links will not be affected. Your search engine rankings will not be affected.

What if I have a custom domain?
There will be minimal impact to sites with custom domains, and no need to update your DNS if it's configured according to our standard documented setup. This is true whether you purchased a domain through us or brought it with you from another provider.

Will my site take longer to load?
It takes just a couple of milliseconds to direct a .com URL to .app. Your users will not perceive any additional load time. And since browsers cache 301 redirects, there will be no speed impact for page loads after the first connection.

What about HTTPS?
We’re doing our part for a more secure web. Every Netlify site deployed uses a free certificate from Let’s Encrypt. Your certificates will continue to work and your sites will continue to be encrypted with no action required.

Do I need to update my site or application?
In most cases, no. This change is very unlikely to impact the way your application functions, as all requests will automatically be forwarded to netlify.app on your behalf.

What about new sites?
Any site you deploy after April 14, 2020 will receive a shiny new .app URL that you’ll see displayed in the Netlify dashboard. However, for simplicity’s sake, even new sites will be forwarded to the right place should anyone mistakenly type the netlify.com domain. We want things to be as simple and seamless as possible.

What if I use a proxy in front of Netlify?
Since Netlify operates as a global CDN, we don't encourage customers to use proxies or services like CloudFlare in front of Netlify. Using a non-Netlify proxy isn't a configuration we officially support. (For more details, read the community post 'why not proxy to Netlify.') If you do need to use a third-party proxy, you will want to carefully test your application after the migration. Some proxies expect content returned and won't be successful navigating the 301 redirect.

What if I have questions or concerns? We're here to help! Please join the discussion in the community or if you are on a paid plan including support, you can contact support directly.