401 error when adding custom domain to gitlab pages with Namecheap

jlu · March 13, 2021, 4:22pm

After getting the site running on https://username.gitlab.io/project name/ I tried adding a custom domain. The domain is fitshapeprogressions.com.
But this results in the following error:

I set the pages access control to ‘everyone’ so why would there be a permission error?

I set things up as follows.

For the DNS site of things I followed this explanation: namecheap docs
Ending with these settings:

On the gitlab site of things the domain got successfully verified

I’ve looked at a similar problems but proposed solutions don’t seem to work
401 Unauthorized error for gitlab page deployed with Publii
401 error when adding custom domain to gitlab pages

Any ideas as to what might be causing the error?

dnsmichi · March 16, 2021, 2:43pm

Hi,

I think the A records in your DNS configuration are not correct. The challenge with TXT records looks fine.

$ dig fitshapeprogressions.com A

fitshapeprogressions.com. 1653	IN	A	185.199.111.153
fitshapeprogressions.com. 1653	IN	A	185.199.109.153
fitshapeprogressions.com. 1653	IN	A	185.199.110.153
fitshapeprogressions.com. 1653	IN	A	185.199.108.153

resolves to IP addresses owned by GitHub but not GitLab. The correct A record is documented here, at the time of writing this is 35.185.44.232.

Verify this works by accessing the server. Note that your zone time-to-live (TTL) is set to 1800 seconds / 30 minutes - this may be the time until caching resolvers take up on the changes.

For adding www as a subdomain, you need to use the CNAME record, and an addition TXT record with the updated domain, see here: Custom domains and SSL/TLS Certificates | GitLab

I would not bother though, the www. prefix for websites is old legacy requirements by browsers.

Cheers,
Michael

jlu · March 18, 2021, 9:36pm

Thanks for the answer Micheal. I’ve added 35.185.44.232 and removed the other A records. dig now shows the new ip and the TTL should have expired by now. But the error still shows. Any idea as to what else might be going wrong?

dnsmichi · March 19, 2021, 9:15am

Hi,

it seems that Let’s Encrypt did to take up on the domain name. Accessing the raw domain at http:// shows

If I change that to https:// it says

Please share a full screenshot of your pages settings page to double check. Probably the domain name is wrong or it shows another error.

Cheers,
Michael

jlu · March 19, 2021, 9:53am

It seems Let’s Encrypt was not enabled. After enabling the site works on https. Thanks for all the help.

diapason-consulting · March 11, 2022, 6:12am

Hi @jlu and @dnsmichi
I take the liberty to piggy back this thread.
My doamin is managed with Namecheap
Can’t get my page here to work with the www subdomain

I raised it up to namecheap support who say things are ok from their side

Could you help out ?

url is http://t3p0.com
https works , but the www ends in 401 with or without https

FYI: https://www.namecheap.com/support/knowledgebase/article.aspx/10446/2208/how-do-i-link-my-domain-to-gitlab-pages/

THX

dnsmichi · March 18, 2022, 3:48pm

@diapason-consulting The www.t3p0.com domain needs a separate entry in your pages configuration, as well as the DNS challenge as TXT record for www.

Currently, the DNS configuration is pointing to a different IP address.

$ dig www.t3p0.com

www.t3p0.com.		1799	IN	A	192.64.119.46

If you can, avoid providing www. at all. Modern browsers will try to remove it in the address bar already.

diapason-consulting · March 20, 2022, 12:10pm

Dear @dnsmichi
THX for your help.
I had resorted to using a redirect to try to solve the issue hence the discrepnancy.
I have now stopped using the t3p0.com “draft url” altogether to use my actual URL:
http://diapason.consulting

And still the same issue with the www.
A lot of people (me included) still have the habit of typing www. It is also on my printed business cards
I;d really like to understand what’s up there. A dig command shoes the right IP address, it is really a Gitlab issue.

dnsmichi · March 21, 2022, 10:22am

Please share the pages settings for your GitLab project, there should be 2 domains - diapason.consulting and www.diapason.consulting. Both domains have a different verification code.

The DNS provider settings also need a DNS challenge verification entry each. Can you share how you have configured them?

From a DNS query, I can see that the challenge code is identical for both domain entries, which is likely the problem. Each verification code only is valid for a specific domain entry.

Example for everyoncancontribute.com:

Pages

Namecheap DNS

diapason-consulting · March 22, 2022, 9:58am

THX a lot