Penduin's Pen

Nerd Alert:  This post is purely in the hope of saving someone (my future self included) a whole lot of time and anxiety.  It's another one of those really specific combinations that cause trouble, which I keep seeming to find.

The short story:

A Record	@	35.185.44.232
TXT Record	@	gitlab-pages-verification-code=...
A Record	www	35.185.44.232
TXT Record	_gitlab-...-code.www	gitlab-pages-verification-code=...
CNAME Record	www	myusername.gitlab.io.

• mysite.com and www.mysite.com had to be separate domains in GitLab Pages.
• The second TXT record is most of the host value GitLab Pages suggests, but ends at "www".
• That last CNAME record, I had to add after setting up letsencrypt on www.mysite.com.  (There was no such trouble with plain mysite.com.)

GitLab is amazing, its Pages service is wonderful, and its documentation is even mostly pretty good.  NameCheap is what it says on the tin, domain names for not much money.  Its "clever" DNS config is not my favorite, but it's better than how the entire management UI is broken about every odd time I try to use it.  Let's Encrypt (letsencrypt.org) is half of how web certificates should have worked in the first place (the second half is decoupling identity from encryption, but I won't go down that road).

Anyway, GitLab Pages itself says one thing, its documentation says another, and neither match up to NameCheap's DNS tools.  I had a variation of these settings which worked for domain verification but LetsEncrypt still failed.  I never learned what part was mistaken or why either, since no actual errors are reported; the UI and email report literally say "something went wrong".  Gee thanks.  But, the settings above worked, so I'm preserving them in a public place.

My final note, about the CNAME record, makes me wonder whether in 3 months I'll have trouble again when the letsencrypt cert renews.  But, I'll cross that bridge when I come to it.

OK, that's all.  I hope it saves somebody some headaches!