SOLVED

new brand CNAME shows 403 when trying to access landing pages.

Go to solution
eyilmaz
Level 1

new brand CNAME shows 403 when trying to access landing pages.

Hi,

 

we did setup a new CNAME for a new brand.

The CNAME looks like:

info.[brand].com.  IN CNAME [marketo-instance].mktoweb.com.

[marketo-instance].mktoweb.com. 300 IN CNAME sj11.mktossl.com.
sj11.mktossl.com. 300 IN A 104.17.72.206
sj11.mktossl.com. 300 IN A 104.17.71.206
sj11.mktossl.com. 300 IN A 104.17.73.206
sj11.mktossl.com. 300 IN A 104.17.70.206
sj11.mktossl.com. 300 IN A 104.17.74.206

 

In addition to that, we added the new domain as a domain alias to the Landing page rules.

But when we try to access the landing pages, we get a 403 result instead of the actual landing page.

Does anyone has an idea what the issue could be here?

1 ACCEPTED SOLUTION

Accepted Solutions
Oz_Platero
Level 6

Re: new brand CNAME shows 403 when trying to access landing pages.

@eyilmaz 

This is not an area I am an expert in.   Reach out to Marketo support and let them know you use and see if there is any additional configurations needed.

Cloudflare, Inc. for  -> info.biotronik.com

and

McAfee Inc.   for  ->  info.mst.com

 

When I try an access https://info.mst.com/Test2.html  I am blocked by a failing SSL inspection.

View solution in original post

7 REPLIES 7
Oz_Platero
Level 6

Re: new brand CNAME shows 403 when trying to access landing pages.

Hello @eyilmaz ,

Do you mind putting the actual CNAME and a Test Marketo Landing Page in here so I can check on it?

Thanks,

oz

eyilmaz
Level 1

Re: new brand CNAME shows 403 when trying to access landing pages.

Hi,

 

Here is a test landing page:

https://info.biotronik.com/Test2.html

and the new cname would be info.mst.com, So I would assume the same landing page accessible via https://info.mst.com/Test2.html

 

Oz_Platero
Level 6

Re: new brand CNAME shows 403 when trying to access landing pages.

Ok.  Two different top level domains. Not that cookies would not be shared accross domains, but you may have already known that.

 

Assuming you first started off with info.biotronik is your first CNAME, you added this as your 2nd info.mst.com?

So in Domain alias you added this https://info.mst.com

 

Have you purchased SSL/TLS for both top level domains? If you purchased it for the first one you will need to do it for the 2nd one as well.

eyilmaz
Level 1

Re: new brand CNAME shows 403 when trying to access landing pages.

Hi,

 

yes exactly. The first CNAME was info.biotronik.com. The second is info.mst.com.

 

Does the SSL/TLS Certificate have influence to it to have it working? And do you have a hint where to set this up/purchase?

Oz_Platero
Level 6

Re: new brand CNAME shows 403 when trying to access landing pages.

@eyilmaz 

This is not an area I am an expert in.   Reach out to Marketo support and let them know you use and see if there is any additional configurations needed.

Cloudflare, Inc. for  -> info.biotronik.com

and

McAfee Inc.   for  ->  info.mst.com

 

When I try an access https://info.mst.com/Test2.html  I am blocked by a failing SSL inspection.

View solution in original post

SanfordWhiteman
Level 10 - Community Moderator

Re: new brand CNAME shows 403 when trying to access landing pages.

The problem is the SSL cert, exactly as Oz says. You need to have the new domain added to the CloudFlare cert by Support (this doesn't happen automatically).

Terminology note: info.mst.com is an alias, not a CNAME. The CNAME is the right-hand-side of the record, i.e. accountstring.mktoweb.com. A DNS CNAME record points an alias to its Canonical Name (i.e. real name, authoritative name, etc.).
eyilmaz
Level 1

Re: new brand CNAME shows 403 when trying to access landing pages.

Thank you both, now after your hint, I see this also mentioned in the docs:

https://nation.marketo.com/t5/Knowledgebase/Overview-amp-FAQ-Secured-Domains/ta-p/300900

 

Then, you'll need to contact Marketo Support to complete the process.

NOTE: Domains are NOT automatically secured once they're configured in your instance - you MUST contact Support for any domain changes!



Looks like I overlooked this.