Facebook Pixel

Domain Verification and Troubleshooting Fixing DNS and SSL Issues

Learn how to verify domain configuration and troubleshoot common DNS, SSL, and Nginx issues when setting up a custom domain for your Node.js application.

Domain Verification and Troubleshooting

After configuring your domain, DNS, and SSL, you need to verify everything works and troubleshoot common issues.

Verification Checklist

# 1. Check DNS resolution dig yourdomain.com A +short # Should return: 12.34.56.78 dig api.yourdomain.com A +short # Should return: 12.34.56.78 # 2. Check HTTP curl -I http://yourdomain.com # Should return 301 redirect to HTTPS # 3. Check HTTPS curl -I https://yourdomain.com # Should return 200 with SSL headers # 4. Check API curl https://api.yourdomain.com/api/health # Should return your API response # 5. Check SSL certificate echo | openssl s_client -connect yourdomain.com:443 2>/dev/null | openssl x509 -noout -dates # Should show notBefore and notAfter dates # 6. Check global DNS propagation # Visit https://dnschecker.org/ # Enter yourdomain.com, type A

Common Issues and Solutions

1. Domain Not Resolving

Symptom: dig yourdomain.com returns nothing or wrong IP.

Solutions:

# Check nameservers dig yourdomain.com NS +short # Should return your DNS provider's nameservers # Check if the A record exists dig yourdomain.com A +short # Should return your EC2 IP # Flush local DNS cache sudo dscacheutil -flushcache # Mac ipconfig /flushdns # Windows sudo systemctl restart nscd # Linux

Common causes:

  • Nameservers not updated at the registrar
  • A record not created or wrong value
  • DNS propagation not complete (wait 1-24 hours)

2. SSL Certificate Error

Symptom: Browser shows "Your connection is not private" or curl fails with SSL error.

Solutions:

# Check certificate validity sudo certbot certificates # Renew if expired sudo certbot renew # Check Nginx SSL config sudo nginx -t

Common causes:

  • Certificate expired (renew with certbot)
  • Nginx not configured for SSL
  • Domain not pointing to the server before certbot was run
  • Cloudflare proxy interfering with HTTP-01 challenge

3. 502 Bad Gateway

Symptom: Nginx returns 502.

Solutions:

# Check if Node.js is running pm2 status # Check Nginx error log sudo tail -20 /var/log/nginx/error.log # Check if port 3000 is listening sudo netstat -tlnp | grep 3000 # Restart both pm2 restart devtinder-api sudo systemctl restart nginx

4. CORS Errors

Symptom: Browser console shows Access-Control-Allow-Origin error.

Solutions:

// Check backend CORS config app.use(cors({ origin: ["https://app.yourdomain.com", "https://yourdomain.com"], credentials: true }));

Ensure the origin matches exactly (including https:// and no trailing slash).

5. Cookies Not Being Sent

Symptom: User is not staying logged in.

Solutions:

// Check cookie config res.cookie("token", token, { httpOnly: true, secure: true, // HTTPS only sameSite: "none", // Cross-site (for different subdomains) domain: ".yourdomain.com", // All subdomains maxAge: 7 * 24 * 60 * 60 * 1000 });

Ensure:

  • secure: true is set (HTTPS only)
  • sameSite: "none" for cross-subdomain (requires secure)
  • domain: ".yourdomain.com" for subdomain sharing
  • Frontend Axios has withCredentials: true

6. Redirect Loop

Symptom: Browser shows "Too many redirects" (ERR_TOO_MANY_REDIRECTS).

Solutions:

// In Express app.set("trust proxy", 1); // This lets Express know it's behind a proxy (Nginx) // Now req.protocol returns 'https' correctly

Common cause: Nginx redirects HTTP to HTTPS, and Node.js also redirects because it sees HTTP (from the proxy). Setting trust proxy fixes this.

7. WebSocket Not Working

Symptom: Socket.io connection fails.

Solutions:

# Ensure WebSocket headers are set location /socket.io/ { proxy_pass http://localhost:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; }

If using Cloudflare, enable WebSockets in Cloudflare dashboard → Network → WebSockets (on by default).

8. Slow DNS Resolution

Symptom: First request is slow, subsequent requests are fast.

Solutions:

  • Reduce TTL (300 seconds for frequently changing records)
  • Use a fast DNS provider (Cloudflare is very fast)
  • Enable DNS prefetching in your HTML: <link rel="dns-prefetch" href="//api.yourdomain.com">

Useful Tools

ToolPurposeURL
dnschecker.orgGlobal DNS propagationhttps://dnschecker.org
whatsmydns.netDNS propagation maphttps://whatsmydns.net
SSL LabsSSL configuration testhttps://www.ssllabs.com/ssltest
dig commandDNS lookupTerminal
curl -IHTTP headers checkTerminal
openssl s_clientSSL certificate checkTerminal
Google PageSpeedPerformance testhttps://pagespeed.web.dev
Security HeadersHeader checkhttps://securityheaders.com

The Takeaway

Domain verification involves checking DNS resolution (dig), HTTP to HTTPS redirect (curl -I), SSL certificate validity (openssl), API health, and global propagation (dnschecker.org). Common issues include DNS not resolving (check nameservers and A records), SSL errors (renew with certbot), 502 (Node.js not running), CORS (match origins exactly), cookies not sent (sameSite and domain settings), redirect loops (set trust proxy), and WebSocket failures (check headers).

Check DNS with dig yourdomain.com A +short (should return your IP), check HTTPS with curl -I https://yourdomain.com (should return 200), check SSL with openssl s_client, check global propagation with dnschecker.org, and test the API with curl https://api.yourdomain.com/api/health.

Check if nameservers are updated at your registrar (dig yourdomain.com NS), verify the A record exists with the correct IP, flush local DNS cache, and wait for propagation (up to 24 hours). Use dnschecker.org to check global propagation.

Check certificate validity with sudo certbot certificates. Renew if expired with sudo certbot renew. Ensure Nginx is configured for SSL (sudo nginx -t). The domain must point to your server before running certbot. If using Cloudflare, use DNS-01 challenge or temporarily disable proxy.

Ensure cookies are set with secure: true, sameSite: 'none' (requires secure), domain: '.yourdomain.com' (dot prefix for all subdomains), and httpOnly: true. The frontend must use withCredentials: true in Axios. All of these are required for cross-subdomain cookie sharing.

This is a redirect loop caused by both Nginx and Node.js redirecting HTTP to HTTPS. Fix by setting app.set('trust proxy', 1) in Express so it trusts the X-Forwarded-Proto header from Nginx and knows the request is already HTTPS.

Ready to master Node.js completely?

Want to upskill yourself, crack your next interview, and get your dream job? Join our comprehensive course to dive deeper with high-quality video tutorials, solve interview questions, and a premium community.

Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.