SSL Certificate Does not work with subdomains other than www on AWS ALB - ssl

I just configured an SSL certificate on a domain that routes to my Elastic Beanstalk ALB.
However, it seems like the SSL lock icon does not show for domains with a subdomain other than www.
For example, the lock icon shows for www.myDomain.com and myDomain.com, but it does not show for api.myDomain.com or www.api.myDomain.com.
How I set it up:
I went on AWS Certificate Manager and requested an SSL certificate for my domain. Then, I went to Route 53 and created a record alias to my Elastic Beanstalk load balancer with subdomains of www, ``, and api. I don't know why, but only www.myDomain.com and myDomain.com show the SSL lock, not api.myDomain.com.
The reason I want to do this is because I want to use api.myDomain.com for my API and myDomain.com for my front end app. Is this best practice?
Can anyone help me with this?

Related

How to setup DNS for CloudFront distribution with ACM for test and production servers pointing to different directory roots?

I am facing difficulty in serving requests from test.domain.com with a configuration that combines AWS Certificate Manager (ACM), AWS EC2 (Linux AMI), AWS CloudFront (CF), Google DNS and Apache server.
I have the following setup in the public_html directory:
I have 2 folders in /var/www/html
prod
test
Objective is to serve requests received from test.domain.com using test directory and the ones received from domain.com using prod directory.
The setup is working fine with ACME SSL certificates, i.e., for production (domain.com) we are using an ACME SSL certificate and DNS is pointing to an Elastic IP, and it is working fine. Even test.domain.com was working fine with the ACME SSL setup.
However, I'm trying to switch to ACM. As it works only with CF and ELB (AWS Elastic Load Balancer), I created a CF distribution.
Created one CloudFront (CF) distribution pointing to AWS EC2 endpoint with Origin path /test.
Redirected test.domain.com to CF distribution in Google DNS as the domain is registered with them.
With this setup, test.domain.com is also presenting domain.com and not the test server as anticipated.
https.conf has the correct DocumentRoot for each ServerName. But the request is not hitting the VirtualHost of the test server.
What's missing? Please suggest.
You can try the below:
Add both domain.com and test.domain.com to the CloudFront CNAME list.
An ACM certificate which has common name/SAN of domain.com and *.domain.com (or test.domain.com).
In the CloudFront cache behavior, whitelist the Host header. This will make sure that when a client accesses domain.com, CloudFront sends the same value in the Host header when contacting the origin.
Link:
Forward host header

s3 static site + cloudfront + SSL not working for non www

I have a static HTML site hosted on an S3 bucket. I have generated a free SSL certificate with Let's Encrypt, which I imported into ACM.
certbot --manual --server https://acme-v01.api.letsencrypt.org/directory -d example.com -d www.example.com
I have set up CloudFront to use that certificate.
On my DNS provider (Namecheap) I have set a CNAME that points www to the CloudFront domain name, and also put a redirect from mydomain.com to www.mydomain.com.
Now if I go to
https://www.example.com, it works
https://example.com, it hangs until it times out
Can someone tell me what I'm missing?
On my DNS provider (namecheap) I have ... put a redirect from mydomain.com to www.mydomain.com
There's the problem. Your "DNS provider" has a redirect service that doesn't support HTTPS. There is no way they can -- a redirect can only occur after an HTTPS connection is made, and an HTTPS connection requires a valid certificate.
Redirects are never actually done in DNS, though your provider's interface may give you that impression. Redirects are always done with a web server. Your provider has a web server that they provision and point the DNS there when you configure one hostname to redirect to another.
In short, there's not really a way to do this at the domain apex without using Route 53 as your authoritative DNS host. You don't have to transfer your domain name registration to the Route 53 registrar, but you'll need to use Route 53 for your DNS, and you'll need a second bucket and a second CloudFront distribution -- see Supporting HTTPS URL redirection with a single CloudFront distribution.

Wildcard SSL on ACM but doesn't work on subdomains

*.example.com, example.com, www.example.com - SSL - issued by Amazon.
SSL installed and set up with ELB. Accessing the domain via example.com and www.example.com works with SSL perfectly. Yet when any subdomain (subdomain.example.com) is accessed, SSL fails.
Subdomains are generated via a route.php script. Subdomains are dynamic.
Forcing SSL doesn't work. Tried other methods via .htaccess and it's failing.
Does ELB work with wildcard SSL? How do I fix this problem?
Thanks
I found the solution.
Add *.example.com to the ELB with an A record alias in Route 53.
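An added example, not code from any of the posts above, showing how a browser decides whether a certificate's SAN entries cover a hostname. It bears on both the main question (api.myDomain.com and www.api.myDomain.com) and the wildcard question just above: a wildcard name stands for exactly one label, so *.example.com covers api.example.com but not www.api.example.com, and the apex must be listed on its own. The SAN list and hostnames are constructed, with example.com standing in for the posters' domains.

```python
# Added example (not from any of the posts above): RFC 6125-style hostname
# matching against a certificate's Subject Alternative Names. The SAN list and
# hostnames below are constructed to mirror the questions' setups.

def hostname_matches(hostname: str, san_name: str) -> bool:
    """Return True if a DNS SAN entry covers the hostname.

    Rules applied (as browsers do):
      * a non-wildcard name must match exactly (case-insensitive);
      * a wildcard is only honoured as the whole leftmost label ("*.example.com");
      * the wildcard stands for exactly ONE label, so "*.example.com" covers
        "api.example.com" but neither "example.com" nor "www.api.example.com".
    """
    host = hostname.lower().rstrip(".")
    name = san_name.lower().rstrip(".")
    if "*" not in name:
        return host == name
    if not name.startswith("*.") or "*" in name[2:]:
        return False  # partial or non-leftmost wildcards are not honoured
    base = name[2:]
    if not host.endswith("." + base):
        return False
    leftmost = host[: -(len(base) + 1)]
    return leftmost != "" and "." not in leftmost


def covering_names(hostname: str, san_list: list[str]) -> list[str]:
    """All SAN entries that cover hostname (empty list == certificate mismatch)."""
    return [n for n in san_list if hostname_matches(hostname, n)]


def coverage_report(hostnames: list[str], san_list: list[str]) -> dict[str, bool]:
    """Map each hostname to whether the certificate would be accepted for it."""
    return {h: bool(covering_names(h, san_list)) for h in hostnames}


# Constructed SAN list: what an ACM certificate requested for the apex, www and
# a wildcard would carry.
SAN_LIST = ["example.com", "www.example.com", "*.example.com"]

# Constructed hostnames mirroring the questions: front end, API, nested API.
HOSTNAMES = ["example.com", "www.example.com", "api.example.com",
             "www.api.example.com", "sub.example.com"]

if __name__ == "__main__":
    for host, ok in coverage_report(HOSTNAMES, SAN_LIST).items():
        names = ", ".join(covering_names(host, SAN_LIST))
        print(f"{host:24} {'covered by ' + names if ok else 'NOT covered'}")
```

Running it shows www.api.example.com as the only hostname the constructed certificate does not cover, which is the browser-side reason a nested subdomain needs its own SAN entry.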

Forwarding https://example.com to https://www.example.com

Trying to get
https://example.com
To not refuse the connection, to show my website, and to redirect to:
https://www.example.com
Without having to switch my DNS hosting to DNSimple or adding another service provider.
My domain was purchased on GoDaddy. DNS is on GoDaddy as well, set up as shown below.
My app is hosted on Heroku, using a Let's Encrypt certificate, that I installed following this answer.
Currently using Helmet + express-enforces-ssl to force HSTS.
I have read the following info:
Heroku SSL on root domain ; Heroku SSL Endpoints ; The Limitations of DNS A-Records
The last of which states:
(...) applications requiring SSL encryption should use the
ALIAS/ANAME configuration on the root domain. Subdomain redirection
will cause a browser error when the root domain is requested over SSL
(i.e. https://example.com).
Which seems to be my problem (?).
How do I set this up on GoDaddy?

SSL certificate to cover subdomain sub.domain.com

I'm new to AWS servers and I was recently handed a server to maintain. It freaks me out a little bit.
Let's say our domain is: abc.com and www.abc.com
I have already installed a Let's Encrypt SSL certificate for these 2 domains, and they worked fine.
The problem now is that we need an Unbounce page to divert traffic to a landing page (away from the buggy one we have on AWS right now).
I then went on my DNSimple and rerouted as follows:
abc.com URL www.abc.com
www.abc.com CNAME unbouncepages
--> abc.com and www.abc.com resolve to our landing page on Unbounce.
BUT, we still need the page we have set up on the AWS server.
At the moment, I have this configured on DNSimple:
sub.abc.com ALIAS xx.xx.xx.xx.xx (our AWS server public IP)
https://sub.abc.com will complain: This page is insecure (broken HTTPS).
My question is: How do I add an SSL certificate to a subdomain on an Apache AWS server?
Any suggestion is much appreciated.