I have my website in GSuite and mostly have DNS configured correctly. I’m puzzled by the fact my naked domain - results in a 525 error but does not. I initially had 525 error on www but changed from proxy to DNS. I also tried the same thing with the naked domain but still receive the 525 error. My SSL config is Full Strict since the Google cert is from a trusted CA.

I’m not sure what else to check. I’ve searched the community and have read the docs, I’m just stumped.

Thanks for reading, Mark

Your “www” record is not proxied, so it cannot throw a 525 in the first place.

I presume your naked domain points to the same server as your “www” record, right? In that case it appears that server’s SSL configuration only provides for your “www” record but not for your naked domain.

$ openssl s_client -connect -servername
no peer certificate available
No client certificate CA names sent

You probably have to fix that in your Google configuration.

According to Google support the openssl command you used won’t work because the ports that would respond are IMAP and SMTP. There’s no way to change the SSL configuration on Google Sites, it’s all automatic.

I ended up creating a page rule to send the naked domain -> www and the problem is solved. The page rule looked like this:* 301 Redirect to$1. Not a true solution as the SSL cert on origin server isn’t being sent but it’s a usable workaround.

Demystifying Google :smile:

They are not as good as everyone thinks they are. The excerpt I posted clearly connects to port 443 which has nothing to do with mail.

If you do not have an SSL certificate on your server your site is still insecure.

Though, if you are redirecting from your naked domain to “www” and “www” has a certificate (as seems to be the case), it would still be a secure implementation.
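Added example, not part of any post in this thread: a Python version of the `openssl s_client` check above that handshakes with an origin once per hostname (sent as SNI) and reports whether the certificate returned is trusted and covers that name, which is what Full (Strict) requires before a proxied name stops returning 525. The function names `covers` and `probe` and the `example.com` names are placeholders chosen for this sketch.

```python
import socket
import ssl
import sys

def covers(san_names, hostname):
    """True if a certificate DNS name matches hostname. A '*' is honoured only
    as the whole left-most label and matches exactly one label."""
    host = hostname.lower().rstrip(".")
    for name in san_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            # '*.example.com' matches 'www.example.com' but not the naked domain
            head, _, rest = host.partition(".")
            if head and rest == name[2:]:
                return True
    return False

def probe(origin, sni, port=443, timeout=5.0):
    """Handshake with origin on the HTTPS port, sending sni.
    Returns (dns_names, error); error is None when a trusted cert came back."""
    ctx = ssl.create_default_context()   # chain must verify against trusted CAs
    ctx.check_hostname = False           # name check is done by covers() instead
    try:
        with socket.create_connection((origin, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=sni) as tls:
                cert = tls.getpeercert()
    except (ssl.SSLError, OSError) as exc:
        return [], str(exc)              # no certificate, untrusted chain, refused, ...
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"], None

if __name__ == "__main__":
    if len(sys.argv) >= 3:
        # usage: script.py ORIGIN HOSTNAME [HOSTNAME ...]
        origin = sys.argv[1]
        for host in sys.argv[2:]:
            names, err = probe(origin, host)
            if err:
                print(f"{host}: handshake failed ({err})")
            else:
                print(f"{host}: cert names {names}, covers host: {covers(names, host)}")
    else:
        # Constructed certificate name list, for an offline run
        sample = ["www.example.com"]
        for host in ("example.com", "www.example.com"):
            print(f"{host}: covered by {sample}: {covers(sample, host)}")
```
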

