Hi there. My main domain is hosted by a conventional shared hosting service, with cPanel access, but a subdomain of it is hosted by Google's Blogger service (which only gives me the option of a toggle for "HTTPS availability" (I believe it does use Let's Encrypt). I know questions have been asked before about subdomains on separate host servers, but the answers are way over my head. I am unfortunately a total noob as far as SSL, and need someone to walk me through the process of getting both the main domain and the separately-hosted subdomain HTTPS-ready.
I understand that I can issue Let's Encrypt certificates for the main domain through my cPanel. The Blogger subdomain, which is represented in my cPanel DNS settings with a CNAME record, is not among the subdomains that the cPanel Let's Encrypt applet offers to issue a certificate for.
On the Blogger end, toggling "HTTPS availability" to "on" fails, with the error message "You have not been authorized to use this domain." The help file contains this piece of (possibly relevant?) advice, but I don't know what it means:
Important: If you use CAA Records on your custom domain, add a record for letsencrypt.org, or Blogger won't create or renew your SSL certificate.
How can I get the Blogger-hosted subdomain's SSL working, and is there something specific I need to do (or avoid doing) while setting up SSL for the main domain on the other host's cPanel?
Thanks. But there appears to be no CAA record in my DNS settings for the domain. Do I need to add one then? And if so, what values should the record contain?
(Note that the CAA message is a generic piece of advice I found digging through the Help, not a message that was generated for me specifically.)
I'm not sure what the difference is between TLS and SSL. Google has a free option to switch to HTTPS, I believe using Let's Encrypt certificates issued to them, but as I explained, the problem is that Google is giving me an error and I'm wondering whether it's something I need to fix using my domain's DNS settings.
Everything looks fine with your domain. CAA isn't a relevant issue in this case.
Something is probably wrong on the Blogger side, but it's hard to say what. It doesn't help that it's impossible to get an answer out of Google.
If you can, I would try remove and readd the custom domain to your blog. There's a few posts around suggesting that it can be an effective way to work around this issue.
Thanks for the link - I can't seem to pull any useful advice our the replies in that thread though. If you have an idea of exactly what record I could add to try to fix it (including values for the record), let me know.
Ah, okay - thanks for confirming that! And yes, hard to get a response out of Google, unfortunately. I can try disconnecting and reconnecting the domain. Maybe something went wrong when I switched nameservers for the main domain a day or two ago?
I'll wait first for @griffin to reply, rather than messing with the DNS while they're still looking at it.
I could do a screenshot, but it wouldn't be very interesting. It's just a little box popping up next to the toggle saying exactly that, and to "follow the instructions" to fix it (without specifying which instructions they're referring to).
Ah! Yes, I'd forgotten about it, but I was. The second CNAME, with containing Blogger's "security tokens" appears to be there in cPanel.
Forgive me if this is a total rookie mistake, but I think I just copied and pasted that across into cPanel when I moved the nameservers to the new host for the main domain. Should I instead have disconnected and reconnected Blogger to generate new tokens for that CNAME record?
EDIT: Yes, disconnecting and reconnecting Blogger to the domain solved the problem - thanks so much to griffin for all the help!
