# DNS Records and SSL for Makers

Learn the practical order for pointing a domain at a VPS, checking DNS, proving HTTP, and adding HTTPS.

## Outcome
Connect a domain to a VPS without guessing whether the problem is DNS, Nginx, or TLS.

## Safe first step
dig +short domain A shows the public A record answer.

## Ladder steps
### 1. Point the root record
The root domain usually needs an A record to the VPS IP.

Check: dig +short example.com A returns the expected IP.

### 2. Point www deliberately
www can be a CNAME to the root domain or its own A record.

Check: dig +short www.example.com returns a sensible answer.

### 3. Serve HTTP first
Certificate issuance is easier after port 80 answers correctly.

Check: curl -I http://example.com returns the expected site.

### 4. Add HTTPS last
TLS should be configured after DNS and HTTP are already proven.

Check: curl -I https://example.com returns 200 or redirect as intended.

## Examples
### Check the root A record
```sh
dig +short topicladder.com A
```
Expected signal: The VPS IPv4 address

### Check the www answer
```sh
dig +short www.topicladder.com
```
Expected signal: A CNAME or resolved IP

### Verify public HTTP
```sh
curl -I http://topicladder.com/
```
Expected signal: A status line and server headers

## Common traps
- Changing DNS and TLS at the same time.
- Testing only from the VPS.
- Forgetting www when issuing certificates.

## Practice task
Write the sequence you would use to connect a new domain to an existing VPS, including the command that proves each step.

## Next steps
- Learn Nginx static roots.
- Learn release symlinks.
- Learn Search Console setup when the site is ready.

## Related
- [DNS troubleshooting path](https://linuxoneliners.com/problems/linux-dns-not-resolving/)
